Windows Analysis Report
SBAFLA TeamCALL marcia.main__ (lo).msg

Overview

General Information

Sample name: SBAFLA TeamCALL marcia.main__ (lo).msg
Analysis ID: 1559727
MD5: 5f2f901d5af359fdfd7a560f77e46973
SHA1: 2c79129c62f86bc07c0a2e73ba5b7a430472f90e
SHA256: 5e2d46920e0ebcb83e22e4fe5ac8f23a1fef3b17bd16a36230a5fb23475ec278
Infos:

Detection

HTMLPhisher
Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Antivirus detection for URL or domain
Yara detected HtmlPhish54
AI detected landing page (webpage, office document or email)
AI detected potential phishing Email
AI detected suspicious URL
Detected hidden input values containing email addresses (often used in phishing pages)
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML title does not match URL
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory
Stores large binary data to the registry

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6956 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\SBAFLA TeamCALL marcia.main__ (lo).msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 4044 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "3A657B10-5432-4F75-9FB5-A93ACED7DB9C" "2407A1A4-BB13-4B94-B878-E022E7F92833" "6956" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 6700 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.google.com.kw/url?q=queryh6qh(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3D&sa=t&url=amp%2fsafrareal.com.br%2fyoya%2fpeaed1yfcu5lrni4alggwoyea1eixud6hafuq/bWFyY2lhLm1haW5Ac2JhZmxhLmNvbQ==$? MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 6444 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=2020,i,16948717757450760364,17296502256269630033,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
Source | Rule | Description | Author | Strings
1.3.id.script.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
2.2.pages.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
1.10.id.script.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
3.6.pages.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
3.8.pages.csv | JoeSecurity_HtmlPhish_54 | Yara detected HtmlPhish_54 | Joe Security |
            Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split), Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6956, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
            No Suricata rule has matched

            AV Detection

            Source: http://safrareal.com.br/favicon.ico Avira URL Cloud: Label: phishing

            Phishing

            Source: https://microsoft-microsoft-microsoft-microsoft-microsoft.almajapharma.com/?no=bWFyY2lhLm1haW5Ac2JhZmxhLmNvbQ==$&sso_reload=true Joe Sandbox AI: Score: 9 Reasons: The URL contains multiple repetitions of the word 'microsoft', which is suspicious and indicative of phishing., The domain 'almajapharma.com' does not match the legitimate domain for Microsoft, which is 'microsoft.com'., The brand 'SBA Florida' does not align with the URL or the input fields, suggesting a potential phishing attempt., The presence of a password input field on a non-legitimate domain is a common phishing tactic. DOM: 3.9.pages.csv
            Source: https://microsoft-microsoft-microsoft-microsoft-microsoft.almajapharma.com/common/login Joe Sandbox AI: Score: 9 Reasons: The URL contains the word 'microsoft' repeated multiple times, which is a common tactic used in phishing to confuse users., The domain 'almajapharma.com' does not match the legitimate domain for Microsoft, which is 'microsoft.com'., The presence of a password input field on a non-legitimate domain is suspicious and indicative of phishing., The brand 'SBA' does not match the URL, which is attempting to impersonate Microsoft., The use of a non-standard domain extension and unrelated domain name increases the likelihood of phishing. DOM: 4.10.pages.csv
            Source: https://microsoft-microsoft-microsoft-microsoft-microsoft.almajapharma.com/common/login Joe Sandbox AI: Score: 9 Reasons: The URL contains 'microsoft' multiple times, which is a well-known brand., The domain 'almajapharma.com' does not match the legitimate domain 'microsoft.com'., The presence of 'microsoft' repeated in the subdomain is suspicious and indicative of phishing., The brand 'SBA' is not directly associated with the URL, which increases suspicion., The use of a password input field on a non-legitimate domain is a common phishing tactic. DOM: 4.11.pages.csv
            Source: Yara match, File source: 1.3.id.script.csv, type: HTML
            Source: Yara match, File source: 2.2.pages.csv, type: HTML
            Source: Yara match, File source: 1.10.id.script.csv, type: HTML
            Source: Yara match, File source: 3.6.pages.csv, type: HTML
            Source: Yara match, File source: 3.8.pages.csv, type: HTML
            Source: Email, Joe Sandbox AI: Page contains button: 'LISTEN NOW' Source: 'Email'
            Source: Email, Joe Sandbox AI: Email contains prominent button: 'listen now'
            Source: Email, Joe Sandbox AI: Detected potential phishing email: Suspicious sender domain 'sowfoodsng.com' doesn't match the claimed organization (SBAFLA). Contains a highly suspicious encoded/malformed URL with multiple redirects and base64 encoding. Email contains mixed languages and seemingly unrelated content, typical of phishing attempts
            Source: Email, Joe Sandbox AI: AI detected Brand spoofing attempt in URL: https://microsoft-microsoft-microsoft-microsoft-microsoft.almajapharma.com
            Source: Email, Joe Sandbox AI: AI detected Typosquatting in URL: https://microsoft-microsoft-microsoft-microsoft-microsoft.almajapharma.com
            Source: https://microsoft-microsoft-microsoft-microsoft-microsoft.almajapharma.com/?no=bWFyY2lhLm1haW5Ac2JhZmxhLmNvbQ==$&sso_reload=true HTTP Parser: marcia.main@sbafla.com
            Source: https://microsoft-microsoft-microsoft-microsoft-microsoft.almajapharma.com/?no=bWFyY2lhLm1haW5Ac2JhZmxhLmNvbQ==$&sso_reload=true HTTP Parser: Number of links: 0
            Source: https://microsoft-microsoft-microsoft-microsoft-microsoft.almajapharma.com/common/login HTTP Parser: Number of links: 0
            Source: https://microsoft-microsoft-microsoft-microsoft-microsoft.almajapharma.com/?no=bWFyY2lhLm1haW5Ac2JhZmxhLmNvbQ==$ HTTP Parser: Base64 decoded: a[href="http://www.salidzini.lv/"][style="display: block; width: 88px; height: 31px; overflow: hidden; position: relative;"]
            Source: https://microsoft-microsoft-microsoft-microsoft-microsoft.almajapharma.com/?no=bWFyY2lhLm1haW5Ac2JhZmxhLmNvbQ==$&sso_reload=true HTTP Parser: Title: Sign in to your account does not match URL
            Source: https://microsoft-microsoft-microsoft-microsoft-microsoft.almajapharma.com/common/login HTTP Parser: Title: Sign in to your account does not match URL
            Source: https://microsoft-microsoft-microsoft-microsoft-microsoft.almajapharma.com/?no=bWFyY2lhLm1haW5Ac2JhZmxhLmNvbQ==$&sso_reload=true HTTP Parser: Iframe src: https://d63b3b3c-a55f19a1.almajapharma.com/Prefetch/Prefetch.aspx
            Source: https://microsoft-microsoft-microsoft-microsoft-microsoft.almajapharma.com/common/login HTTP Parser: Iframe src: https://d63b3b3c-a55f19a1.almajapharma.com/Prefetch/Prefetch.aspx
            Source: https://microsoft-microsoft-microsoft-microsoft-microsoft.almajapharma.com/?no=bWFyY2lhLm1haW5Ac2JhZmxhLmNvbQ==$&sso_reload=true HTTP Parser: <input type="password" .../> found
            Source: https://microsoft-microsoft-microsoft-microsoft-microsoft.almajapharma.com/common/login HTTP Parser: <input type="password" .../> found
            Source: https://microsoft-microsoft-microsoft-microsoft-microsoft.almajapharma.com/?no=bWFyY2lhLm1haW5Ac2JhZmxhLmNvbQ==$ HTTP Parser: No favicon
            Source: https://microsoft-microsoft-microsoft-microsoft-microsoft.almajapharma.com/?no=bWFyY2lhLm1haW5Ac2JhZmxhLmNvbQ==$&sso_reload=true HTTP Parser: No favicon
            Source: https://microsoft-microsoft-microsoft-microsoft-microsoft.almajapharma.com/common/login HTTP Parser: No favicon
            Source: https://microsoft-microsoft-microsoft-microsoft-microsoft.almajapharma.com/?no=bWFyY2lhLm1haW5Ac2JhZmxhLmNvbQ==$&sso_reload=true HTTP Parser: No <meta name="author".. found
            Source: https://microsoft-microsoft-microsoft-microsoft-microsoft.almajapharma.com/common/login HTTP Parser: No <meta name="author".. found
            Source: https://microsoft-microsoft-microsoft-microsoft-microsoft.almajapharma.com/?no=bWFyY2lhLm1haW5Ac2JhZmxhLmNvbQ==$&sso_reload=true HTTP Parser: No <meta name="copyright".. found
            Source: https://microsoft-microsoft-microsoft-microsoft-microsoft.almajapharma.com/common/login HTTP Parser: No <meta name="copyright".. found
            Source: unknown, HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49701 version: TLS 1.2
            Source: unknown, HTTPS traffic detected: 20.190.147.10:443 -> 192.168.2.16:49704 version: TLS 1.2
            Source: unknown, HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49705 version: TLS 1.2
            Source: unknown, HTTPS traffic detected: 20.190.147.10:443 -> 192.168.2.16:49706 version: TLS 1.2
            Source: unknown, HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49740 version: TLS 1.2
            Source: global traffic, HTTP traffic detected:
              GET /yoya/peaed1yfcu5lrni4alggwoyea1eixud6hafuq/bWFyY2lhLm1haW5Ac2JhZmxhLmNvbQ==$ HTTP/1.1
              Host: safrareal.com.br
              Connection: keep-alive
              Upgrade-Insecure-Requests: 1
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
            Source: global traffic, HTTP traffic detected:
              GET /favicon.ico HTTP/1.1
              Host: safrareal.com.br
              Connection: keep-alive
              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
              Referer: http://safrareal.com.br/yoya/peaed1yfcu5lrni4alggwoyea1eixud6hafuq/bWFyY2lhLm1haW5Ac2JhZmxhLmNvbQ==$
              Accept-Encoding: gzip, deflate
              Accept-Language: en-US,en;q=0.9
            Source: global traffic, HTTP traffic detected:
              HTTP/1.1 404 Not Found
              Date: Wed, 20 Nov 2024 20:25:19 GMT
              Server: Apache
              Content-Length: 315
              Keep-Alive: timeout=5, max=99
              Connection: Keep-Alive
              Content-Type: text/html; charset=iso-8859-1
              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
            Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
            Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
            Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
            Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
            Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
            Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
            Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
            Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
            Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
            Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
            Source: unknown; HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49701 version: TLS 1.2
            Source: unknown; HTTPS traffic detected: 20.190.147.10:443 -> 192.168.2.16:49704 version: TLS 1.2
            Source: unknown; HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49705 version: TLS 1.2
            Source: unknown; HTTPS traffic detected: 20.190.147.10:443 -> 192.168.2.16:49706 version: TLS 1.2
            Source: unknown; HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.16:49740 version: TLS 1.2
            Source: classification engine; Classification label: mal76.phis.winMSG@19/47@36/131
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241120T1524550500-6956.etl
            Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\SBAFLA TeamCALL marcia.main__ (lo).msg"
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "3A657B10-5432-4F75-9FB5-A93ACED7DB9C" "2407A1A4-BB13-4B94-B878-E022E7F92833" "6956" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.google.com.kw/url?q=queryh6qh(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3D&sa=t&url=amp%2fsafrareal.com.br%2fyoya%2fpeaed1yfcu5lrni4alggwoyea1eixud6hafuq/bWFyY2lhLm1haW5Ac2JhZmxhLmNvbQ==$?
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=2020,i,16948717757450760364,17296502256269630033,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: apphelp.dll
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: c2r64.dll
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: userenv.dll
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: msasn1.dll
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: kernel.appcore.dll
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptsp.dll
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: rsaenh.dll
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptbase.dll
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: gpapi.dll
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Window found: window name: SysTabControl32
            Source: Window Recorder; Window detected: More than 3 window changes detected
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
            Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information queried: ProcessInformation
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
            Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
            Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
            Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
            Initial Access: 1 Drive-by Compromise; Default Accounts; Domain Accounts; Local Accounts
            Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
            Persistence: 3 Browser Extensions; 1 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; Login Hook
            Privilege Escalation: 1 Process Injection; 1 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; Login Hook
            Defense Evasion: 1 Masquerading; 1 Modify Registry; 1 Process Injection; 1 DLL Side-Loading
            Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
            Discovery: 1 Process Discovery; 12 System Information Discovery; Query Registry; System Network Configuration Discovery
            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
            Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
            Command and Control: 2 Encrypted Channel; 3 Ingress Tool Transfer; 3 Non-Application Layer Protocol; 4 Application Layer Protocol
            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
            Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

            No Antivirus matches
            Source: http://safrareal.com.br/favicon.ico; Detection: 100%; Scanner: Avira URL Cloud; Label: phishing
Name | IP | Active | Malicious | Antivirus Detection | Reputation
l1ve.almajapharma.com | 209.38.225.84 | true | false | | unknown
www.google.com.kw | 142.250.181.99 | true | false | | unknown
microsoft-microsoft-microsoft-microsoft-microsoft.almajapharma.com | 209.38.225.84 | true | true | | unknown
f1e241f6-a55f19a1.almajapharma.com | 209.38.225.84 | true | false | | unknown
05548fe0-a55f19a1.almajapharma.com | 209.38.225.84 | true | false | | unknown
09122261-a55f19a1.almajapharma.com | 209.38.225.84 | true | false | | unknown
19124626-a55f19a1.almajapharma.com | 209.38.225.84 | true | false | | unknown
www.google.com | 172.217.21.36 | true | false | | high
d63b3b3c-a55f19a1.almajapharma.com | 209.38.225.84 | true | false | | unknown
0e36e665-a55f19a1.almajapharma.com | 209.38.225.84 | true | false | | unknown
safrareal.com.br | 191.252.128.160 | true | false | | high
25ea7021-a55f19a1.almajapharma.com | 209.38.225.84 | true | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://safrareal.com.br/favicon.ico | true | Avira URL Cloud: phishing | unknown
https://microsoft-microsoft-microsoft-microsoft-microsoft.almajapharma.com/common/login | true | | unknown
http://safrareal.com.br/yoya/peaed1yfcu5lrni4alggwoyea1eixud6hafuq/bWFyY2lhLm1haW5Ac2JhZmxhLmNvbQ==$ | false | | unknown
https://microsoft-microsoft-microsoft-microsoft-microsoft.almajapharma.com/?no=bWFyY2lhLm1haW5Ac2JhZmxhLmNvbQ==$ | false | | unknown
https://microsoft-microsoft-microsoft-microsoft-microsoft.almajapharma.com/?no=bWFyY2lhLm1haW5Ac2JhZmxhLmNvbQ==$&sso_reload=true | true | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
172.217.19.206 | unknown | United States | 15169 | GOOGLEUS | false
172.217.19.227 | unknown | United States | 15169 | GOOGLEUS | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
172.217.17.46 | unknown | United States | 15169 | GOOGLEUS | false
172.217.17.35 | unknown | United States | 15169 | GOOGLEUS | false
20.189.173.12 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
191.252.128.160 | safrareal.com.br | Brazil | 27715 | LocawebServicosdeInternetSABR | false
74.125.205.84 | unknown | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
52.109.32.97 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
2.19.126.160 | unknown | European Union | 16625 | AKAMAI-ASUS | false
172.217.19.170 | unknown | United States | 15169 | GOOGLEUS | false
209.38.225.84 | l1ve.almajapharma.com | United States | 7018 | ATT-INTERNET4US | true
172.217.21.36 | www.google.com | United States | 15169 | GOOGLEUS | false
142.250.181.99 | www.google.com.kw | United States | 15169 | GOOGLEUS | false
52.109.76.243 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
                                            IP
                                            192.168.2.16
                                            Joe Sandbox version:41.0.0 Charoite
                                            Analysis ID:1559727
                                            Start date and time:2024-11-20 21:24:21 +01:00
                                            Joe Sandbox product:CloudBasic
                                            Overall analysis duration:
                                            Hypervisor based Inspection enabled:false
                                            Report type:full
                                            Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                            Number of analysed new started processes analysed:18
                                            Number of new started drivers analysed:0
                                            Number of existing processes analysed:0
                                            Number of existing drivers analysed:0
                                            Number of injected processes analysed:0
                                            Technologies:
                                            • EGA enabled
                                            Analysis Mode:stream
                                            Analysis stop reason:Timeout
                                            Sample name:SBAFLA TeamCALL marcia.main__ (lo).msg
                                            Detection:MAL
                                            Classification:mal76.phis.winMSG@19/47@36/131
                                            Cookbook Comments:
                                            • Found application associated with file extension: .msg
                                            • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, backgroundTaskHost.exe, svchost.exe
                                            • Excluded IPs from analysis (whitelisted): 52.109.32.97, 52.113.194.132
                                            • Excluded domains from analysis (whitelisted): ecs.office.com, fs.microsoft.com, s-0005.s-msedge.net, config.officeapps.live.com, prod.configsvc1.live.com.akadns.net, ctldl.windowsupdate.com, officeclient.microsoft.com, ecs.office.trafficmanager.net, ukw-azsc-config.officeapps.live.com, s-0005-office.config.skype.com, europe.configsvc1.live.com.akadns.net, ecs-office.s-0005.s-msedge.net
                                            • Not all processes where analyzed, report is missing behavior information
                                            • Report size getting too big, too many NtQueryAttributesFile calls found.
                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                                            • VT rate limit hit for: SBAFLA TeamCALL marcia.main__ (lo).msg
                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):231348
                                            Entropy (8bit):4.3782964669202675
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:8AF714638EAE5C7D6CDA15FF4977AA62
                                            SHA1:D72430FE3A97BE2D45CA3283C2030D6FA8F10B22
                                            SHA-256:6DF9937BDBF04FDA77475C8F36F0C5A4A8E8A70DB0C7D607E8A04743B7FA52FF
                                            SHA-512:3895E8C62EB3D0F9852181783A5034656E60B8B104DBF8AAFB0B7E51D7C3853A2FB2A1E02331E10736AC0192D297D357CAAEA45F5E21AE05727466F7AC097DEA
                                            Malicious:false
                                            Reputation:unknown
                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                            File Type:ASCII text, with very long lines (65536), with no line terminators
                                            Category:dropped
                                            Size (bytes):322260
                                            Entropy (8bit):4.000299760592446
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:CC90D669144261B198DEAD45AA266572
                                            SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                                            SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                                            SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                                            Malicious:false
                                            Reputation:unknown
Preview:51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:
                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                            File Type:ASCII text, with no line terminators
                                            Category:dropped
                                            Size (bytes):10
                                            Entropy (8bit):2.3219280948873626
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:04B8E763CD879112C39882AB14B45D32
                                            SHA1:DE1B33CE8FC5A048076C8109824D7F4B198EA43F
                                            SHA-256:0E24522B1B0046D723D730D72DBD69EF7DFB78DCDEA6D859C2CD9888E0440B40
                                            SHA-512:43EF3D48120AA70701C733EB8ECECE319B7C8C4F68CF1C9FF029615DE9603682435D994CAA4E64951F94DC5D9ECFEF8D15F00547E9961F6215F07EAE8F7E7C59
                                            Malicious:false
                                            Reputation:unknown
                                            Preview:1732134303
                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):180335
                                            Entropy (8bit):5.28922693116446
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:CCFC7DA87652EA9E0028ED01910E0669
                                            SHA1:8BB314AA6B338D6706701AC11CFFCD391E101C60
                                            SHA-256:B7FDE6ACEBAAAE2A7FCF44BF8C511154FDD0E1C575AEA437E277640877DDC06B
                                            SHA-512:62601D9B27E9D8DBEDEF60C8C7103BCAF6FF73138FA8971DA49FFB7B467E59A12F5C69DD6B135873153DB805AC9CEC4F4A2AF2118B7D4C7E8F6568390507E782
                                            Malicious:false
                                            Reputation:unknown
                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-11-20T20:24:58">.. Build: 16.0.18307.40125-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                            File Type:SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                                            Category:dropped
                                            Size (bytes):4096
                                            Entropy (8bit):0.09216609452072291
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:F138A66469C10D5761C6CBB36F2163C3
                                            SHA1:EEA136206474280549586923B7A4A3C6D5DB1E25
                                            SHA-256:C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
                                            SHA-512:9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9
                                            Malicious:false
                                            Reputation:unknown
                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):32768
                                            Entropy (8bit):0.04421005668377624
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:AEF44EA4E919F611FC156D3490B88E85
                                            SHA1:69F784B1209769BD4C84AD45CA36338480EFD8F6
                                            SHA-256:41BE25656FCE4FE2B5504C41AE3C2BACF0ABB2B96B15422260462F2685EF27D5
                                            SHA-512:3A12FA8F11C7E2B4B23D2B2589791217334781A21B74D47FE0A47EA1D7DD34EC67EF1C127BBCEA1E8AF6981843B65D344DB25A524145B3288B7F0B491FEA0B34
                                            Malicious:false
                                            Reputation:unknown
                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                            File Type:SQLite Write-Ahead Log, version 3007000
                                            Category:dropped
                                            Size (bytes):45352
                                            Entropy (8bit):0.39449208238998984
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:C78CDA104D04276382936E8321C4A849
                                            SHA1:0303A440CE5D48A58AE5A795A0950D54CBA2B665
                                            SHA-256:1E52B373F0994F11C8249899FF175BFFE797D7388CD90B6DAD2D4DC6A2464584
                                            SHA-512:EC75B288C6AA1930EB54B28F6FE66BCD86A3A9D0D614A0B94636D44A66E6A1F06FF098F41EA809481BAC778FC0D8D21C70442286E1A1EC890984BDFBD53E7FDD
                                            Malicious:false
                                            Reputation:unknown
                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):2278
                                            Entropy (8bit):3.852322712660019
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:BB319B30FC538249B8818B0CBE8A1CEC
                                            SHA1:6C9E634586082A79A2E78B244C229B171E211C1A
                                            SHA-256:052E3E28A1BFE9DAE2356B028273B30D185D10AC00C1387A895907C87C4531DA
                                            SHA-512:5ED48FF095E7F5FC5A502E5656C2B3DD8519E476DA14C657598B4DE74F3319B5AD5F2D0BC0A928D6F04E558307FB9D485B84FD932FB65C14FD215C900F56022B
                                            Malicious:false
                                            Reputation:unknown
                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                            File Type:data
                                            Category:modified
                                            Size (bytes):2684
                                            Entropy (8bit):3.898531128005289
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:F0EAA4E9E4CBB32F9505E127A175833F
                                            SHA1:1F64620441945B6AD705B4C7E88F1F2452E7D251
                                            SHA-256:4EE9BAD735F5A0D1371B5B2A4A0F26CA02EDF2E1FA9B124E82CBADFAEC6C211C
                                            SHA-512:D75D28FA2320E26C76BCD567267DEE6A8CE81B8129F85D1EAF3D6D480171D80B084711E5FC875AE8EF90367AABCFC6F3B3FD68F2DF5B13F378BF3099C68E2FA5
                                            Malicious:false
                                            Reputation:unknown
                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):4542
                                            Entropy (8bit):4.000970370991882
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:69AEEA3908042EFA09A3772FA49FEBBE
                                            SHA1:6B93111877D6224494A20A2D1FCD36CB0CCAD4C7
                                            SHA-256:FCB58193573B1A6D13811BF41329F464BF3744F48BC43E2448BF4E751CD93AF1
                                            SHA-512:C24DE5B54CE3759B670B9E1BDE2DD0EEA47F3CC922A3C3ABC68F7D7D2B56D5F7A48C435955166A39FE63E922255636C64EA14EC4F2347FD13F9861CF836E778D
                                            Malicious:false
                                            Reputation:unknown
                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                            File Type:PNG image data, 1334 x 550, 8-bit/color RGBA, non-interlaced
                                            Category:dropped
                                            Size (bytes):84890
                                            Entropy (8bit):7.853166386226797
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:6163F273D230D8B76AC02450B64ED7E9
                                            SHA1:0A56FFAD17F6731F88B01D5BF1B420DB182F5812
                                            SHA-256:B2BEA91E537A7B1145ADA3D83B38094AA4AB29182602F06786FCA7EF9BF6C5FE
                                            SHA-512:31D21A6ED9B843AE005BF4863C039E01230F16BE31576269FB03D3F46F24127F3379BFE4DF4D54B1E3CE03F76C71EA4027E9FC17E968C13B80B1EC3B0078CDED
                                            Malicious:false
                                            Reputation:unknown
                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):14060
                                            Entropy (8bit):3.5550177637207625
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:4A080AC1599339B8582B810E44AA6AF5
                                            SHA1:3A75601722F86C23C390EFB2110B4716B654BFB8
                                            SHA-256:FA1D81E4E9EA6FCC863D4549A1070B2DC9F9C973252F7D3278ACF16A031901BE
                                            SHA-512:2FB6906FAEA9FFD247E2F6896F4D497BC72FAE9498B136F2CFB324BC4B17924E07B2C63289AC3D504B242104C5A4940585D27D547305146ED4387CDC0794301E
                                            Malicious:false
                                            Reputation:unknown
                                            Preview:......Y.o.u. .d.o.n.'.t. .o.f.t.e.n. .g.e.t. .e.m.a.i.l. .f.r.o.m. .s.b.a.f.l.a._.s.b.a.f.l.a._.3.5.q.4.@.s.o.w.f.o.o.d.s.n.g...c.o.m... .H.Y.P.E.R.L.I.N.K. .".h.t.t.p.s.:././.a.k.a...m.s./.L.e.a.r.n.A.b.o.u.t.S.e.n.d.e.r.I.d.e.n.t.i.f.i.c.a.t.i.o.n.".........................................................................................................................................................................................................................................................................................................(...*...0................................................................................................................................................................................................................................................................................................................................................................................$.a$.........*...$..$.If........!v..h.#v....:V.......t.....6......5.......4
                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                            File Type:ASCII text, with very long lines (859), with CRLF line terminators
                                            Category:dropped
                                            Size (bytes):20971520
                                            Entropy (8bit):0.007165592241240116
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:F189CC1BCD0A708D1B4A9B3AFFFCD1E0
                                            SHA1:18D14657678E4671B6428F1FB1D4A3BA8BF13C00
                                            SHA-256:4C4F943E8604C620B36C916985D32F1FD5DEB44527C12F2461EC6C34E967EDB3
                                            SHA-512:27D2C38BF991F673BF18617E21B351F5B3E8906797164660B6EE78A88D257001AC562D3E76FA6E5A7516CD7292FB4DDC61FC4CB48C87C37D8F754440F385C252
                                            Malicious:false
                                            Reputation:unknown
                                            Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..11/20/2024 20:24:55.771.OUTLOOK (0x1B2C).0x1B30.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.System.GracefulExit.GracefulAppExitDesktop","Flags":33777014402039809,"InternalSequenceNumber":17,"Time":"2024-11-20T20:24:55.771Z","Data.PreviousAppMajor":16,"Data.PreviousAppMinor":0,"Data.PreviousAppBuild":16827,"Data.PreviousAppRevision":20130,"Data.PreviousSessionId":"E5DBCD3E-37EB-4BD5-84C8-C36DB6C67332","Data.PreviousSessionInitTime":"2024-11-20T20:24:36.615Z","Data.PreviousSessionUninitTime":"2024-11-20T20:24:39.818Z","Data.SessionFlags":2147483652,"Data.InstallMethod":0,"Data.OfficeUILang":1033,"Data.PreviousBuild":"Unknown","Data.EcsETag":"\"\"","Data.ProcessorArchitecture":"x64"}...11/20/2024 20:24:55.803.OUTLOOK (0x1B2C).0x1BA4.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.LoadXmlRules","Flags":33777014401990913,"InternalSequenceNumber":22
                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):20971520
                                            Entropy (8bit):0.0
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                            SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                            SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                            SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                            Malicious:false
                                            Reputation:unknown
                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                            File Type:data
                                            Category:modified
                                            Size (bytes):188416
                                            Entropy (8bit):4.882526191605196
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:1CE889E0D0CC9C2C05C0A0E6BADDA870
                                            SHA1:5B4BC148B956504D5203606C4BBECCEC69EBB622
                                            SHA-256:55E19F549F9FBD3A3801AD5C54D3DDE402B7F5CC36E112CD6FB0E1DBB885ADB5
                                            SHA-512:C7B47466AE84DD1A069B1D14FC506AFD3764F127FD74B52E208FC88EDC9CACE18A294D7F4D798FE051DAA10E694A34D9D5DE2CC83D839EC7939D936A5388D0B6
                                            Malicious:false
                                            Reputation:unknown
                                            Preview:............................................................................`...0...,..../.C.;..................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1................................................................Y.........../.C.;..........v.2._.O.U.T.L.O.O.K.:.1.b.2.c.:.c.d.d.6.b.5.6.9.f.5.0.d.4.d.9.7.9.2.6.3.e.e.5.6.2.5.5.9.b.f.1.6...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.1.2.0.T.1.5.2.4.5.5.0.5.0.0.-.6.9.5.6...e.t.l.......P.P.0...,......C.;..........................................................................................................................................................................................................................................................................................................
                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):163840
                                            Entropy (8bit):0.4003156638706419
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:7C9197B787E9CF12717F7020CA65B65D
                                            SHA1:51202A7B8A85DF0A6D99BCF292892DE8111790B6
                                            SHA-256:5F35517C1994E07E426529BB628B4611114B9A1BEB93F9B49E8127C58704EEB4
                                            SHA-512:23D29034F94BEDF8A30C419402F042C82BB45318FEF2032328FC6472E856631370DB2182C15ADC54F4C8E22F03188397A47D2B51603DA28F2482056AC68B0CC0
                                            Malicious:false
                                            Reputation:unknown
                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):30
                                            Entropy (8bit):1.2389205950315936
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:0AB28B3748444E245A74D61A1349A29C
                                            SHA1:3BFD939B5FBE197FDF322CDEB42237CA2A868645
                                            SHA-256:9C57C0924DD89D26147DAE793092DBC923757555164715546DD9CE70014076C4
                                            SHA-512:8F85384C3EA97CE9C6D4549F061A5DA8DE4CFA0BF2C44D01F7F85355C30A136DABACF11663B83FCAEBAD41C14E7404812F93ED2F6AB643BA230EC022E9B78BE1
                                            Malicious:false
                                            Reputation:unknown
                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                            File Type:Composite Document File V2 Document, Cannot read section info
                                            Category:dropped
                                            Size (bytes):16384
                                            Entropy (8bit):0.6706940961211854
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:0B8B56CC67862EB4ECB62A896EE3B529
                                            SHA1:A0AC543561D0E89A231412C690B23C8488A69B65
                                            SHA-256:35AD5DA3A7DAE9D2EFC842BD4D7F7251DC9FE9585BF42163C802A8545DA8806D
                                            SHA-512:557D71B0FAB46C0731B1767912D6C6F9FD9691748EB76E116F9084F0114DF352E705822D4FC20EE5B2E8B2D7D46A96539E3B952B8D77FBABCBCFCEE76244398B
                                            Malicious:true
                                            Reputation:unknown
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 19:25:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                            Category:dropped
                                            Size (bytes):2673
                                            Entropy (8bit):3.9841595339319085
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:E1386EA3D75BE489DE8FF7E3BA59778D
                                            SHA1:1C0FEF0403058C6454AB13EC92EDA2658A460AEA
                                            SHA-256:29C25F01C940B81CB5238D5D3CFF034D6B8D33865CA500A4679BEE4228B0B1F6
                                            SHA-512:849DA8F232A82DC461FF1A7989E607A56DD265ED3204B7D0112C02709287A37329BC5EF0387FF8DB82E13660A5428D66DDF39653BC16F14C54458CA365FF4B18
                                            Malicious:false
                                            Reputation:unknown
                                            Preview:L..................F.@.. ...$+.,.....f%L.;..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.ItY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtY$.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VtY$.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VtY$............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VtY&............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............q......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 19:25:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                            Category:dropped
                                            Size (bytes):2675
                                            Entropy (8bit):4.000003138334292
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:ABCFDC8C38E92810EC080368B0DD5DB6
                                            SHA1:C144EC22705C88BDD11FD90F7380C86F5C457D9E
                                            SHA-256:9E87AFCAED2D43004066A651E0179B747D75EE03B3EC0E6BA55F94B052F12728
                                            SHA-512:EDB50770727D69F8CF317BA74DA48B668E56C6E24664382884CE2656AD2205EF6C73D1B31763764AD386D0397EBB1D834EBBC5A67E4E1726BA1FB642F2FD9AC9
                                            Malicious:false
                                            Reputation:unknown
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                            Category:dropped
                                            Size (bytes):2689
                                            Entropy (8bit):4.0096208654747425
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:6B3540568B3F3F09450ACBC073C7509F
                                            SHA1:25F66BFDBC3BC2ECB0DD7E4795BA5F3543E0E284
                                            SHA-256:D1012ECF6A0DEB129573AFDC89CC2460C684A479AC683BE32DA2331C66F9C1F0
                                            SHA-512:CE0E509FF07A7CD57880611349B294ACFE2A5BEF19062A82B25FD085B3AA55DC9C8F695CE10F0FE8AFE34B689263BAA3BA904EAE3E6F9D434F932ED7495AFD3B
                                            Malicious:false
                                            Reputation:unknown
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 19:25:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                            Category:dropped
                                            Size (bytes):2677
                                            Entropy (8bit):3.9984299950279176
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:BBC1B6B3AEF1CEDFDE2BA018BD98CC08
                                            SHA1:D703928C4143F0DCEC5F5451CDED1B1AC47CC90F
                                            SHA-256:AEA52277048A77BEB0BA17C45430AF3FF5E23B289BA323B2612390C9DC0F4E04
                                            SHA-512:B4FA3623C7EA3D3D40A5C6642482496EA17A718802DAF21ACC9A832B6D2CA27CE0C9C7B1AF62B75ED4FCCF8F96808A1DD2A777DFABF8F33AC05F1B2649C025A0
                                            Malicious:false
                                            Reputation:unknown
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 19:25:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                            Category:dropped
                                            Size (bytes):2677
                                            Entropy (8bit):3.987995551497183
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:4084201E65822A57B319913D6250FF47
                                            SHA1:D2E12C96E84FF6C49E11F574572E0A11F294281A
                                            SHA-256:30D36A394D7B524E133D7DBAFEA5A1B5E43311A367C2716DEA99801C778671A2
                                            SHA-512:CD23439A8E788416BABC6734C94CD2EBFCC589B44AE59165ED360B8CACF2301E1F971C25F7C58052BE5B8C9588662A20C1F0E63D81504CEFDB344321878E9427
                                            Malicious:false
                                            Reputation:unknown
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 19:25:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                            Category:dropped
                                            Size (bytes):2679
                                            Entropy (8bit):3.9949229679551395
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:4C0BC45D79015423865E2B88629BFDE2
                                            SHA1:4045EAE3B55D1F23D68181CE423A3C83978E3FE7
                                            SHA-256:AC3F26E88289FD579786F8D1FF3B6565AD7F94D00684AB9282D51F160F611A03
                                            SHA-512:0A5C1844CB4ADF09108906EADD86EB443C756710F22200FDFCE856464DB5768325E47EC5126F4E43CA8236BFA1E919FD8E0F431D1993ABF545F754F5926A925B
                                            Malicious:false
                                            Reputation:unknown
                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                            File Type:Microsoft Outlook email folder (>=2003)
                                            Category:dropped
                                            Size (bytes):271360
                                            Entropy (8bit):1.5273210403847421
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:263E63C360162AD0E8B97835B115FD94
                                            SHA1:202A7AD8CB8CACD86A9FB884407136204DD3864A
                                            SHA-256:BA7137D778515BED36471BC017775ACC6EDF317A68E8AB32AC18EDC19A4316E3
                                            SHA-512:099EE1BBB1E3E74E45A1DF1FDD8E6302E243E6AFF07FF5F580932E3DFD4287B49F26A8260898099026C5A68E41E3B962437E2B6E5AE144AC5F9C62CAFA1DD038
                                            Malicious:true
                                            Reputation:unknown
                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):131072
                                            Entropy (8bit):0.9462344277884809
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:4453F46A82E4A8B8986B031854B7A952
                                            SHA1:6955F608375EE543F9D73A0CA8483B13D7C277F8
                                            SHA-256:8BDBCD875B42581DD49A8C9BB346BF24CDD65AAAE6BB79EA7470E64612EE3518
                                            SHA-512:04CCD0582B4E2106B28F5237FC4AD608C03DAFB98DCAC04C7A0E17C12EC00D5514FCA4AF224C85B59DB783866ED3C7709F0AE1B5A8E5669AE933BB2442C2C9CB
                                            Malicious:true
                                            Reputation:unknown
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, from Unix, original size modulo 2^32 190271
                                            Category:dropped
                                            Size (bytes):61147
                                            Entropy (8bit):7.99541496680743
                                            Encrypted:true
                                            SSDEEP:
                                            MD5:504BF2E00F31AC88E5538508EC5C2EA4
                                            SHA1:0770651459BDE9E8AA1AB4788A383BFC87A18510
                                            SHA-256:43B67DD1DDF9823081A877C2C7A087855A3DDEFA222FDA5C4358509DC34F8EAE
                                            SHA-512:0B77DB6CAB7DF24EAE47B0A8B908DF70126C5B10ACBB92E3FCA7D302D0A5CA9931A1E8285A5A8BAF04DCC6B2620EEF27A6F67C1C298C77EE24471FF494C3BFC2
                                            Malicious:false
                                            Reputation:unknown
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, from Unix, original size modulo 2^32 449980
                                            Category:downloaded
                                            Size (bytes):122348
                                            Entropy (8bit):7.997663138845818
                                            Encrypted:true
                                            SSDEEP:
                                            MD5:BE7B5C7C290B8A97553908E0501416FA
                                            SHA1:CBA4D69795390D881043AA077FBE08B5527542EB
                                            SHA-256:67D499BED70CF8B504ED4296AA840C79A414A3A1D8273232BFE4E9EF76F72953
                                            SHA-512:10A74945F8970F1EA1EE7591A243618435AA5086E0F07ACF6238BD200BCDE1A51B9E765ABE73085A9040137E0C01F5C4D2BCD17011FFA281B9B4CE6B4699037F
                                            Malicious:false
                                            Reputation:unknown
                                            URL:https://25ea7021-a55f19a1.almajapharma.com/shared/1.0/content/js/ConvergedLogin_PCore_IzDt-l0Cuie0gYRUoEk15w2.js
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, from Unix, original size modulo 2^32 113378
                                            Category:downloaded
                                            Size (bytes):20400
                                            Entropy (8bit):7.980283616044888
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:D5B89CEEC2B024C565802C0E51607044
                                            SHA1:74696825D59F384D3D874638537BB4920FDB60CB
                                            SHA-256:05DC99C6E0751D3A98E970F628C8426A967CF068A4BD681BDBAF6F627D54C7E2
                                            SHA-512:BB683A290B2F506A413BAADCA020A9716299221746B3E6A0D4C9F4BA481B3605F2911C1011F60F0D38D155F8086C3AF51F21D8C0164ECCB911B4531983C544E7
                                            Malicious:false
                                            Reputation:unknown
                                            URL:https://25ea7021-a55f19a1.almajapharma.com/ests/2.1/content/cdnbundles/converged.v2.login.min_nin8k2ycrbzww8zl5vxkaq2.css
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, original size modulo 2^32 3651
                                            Category:dropped
                                            Size (bytes):1435
                                            Entropy (8bit):7.860223690068481
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:DF6A7721C242813411CC6950DF40F9B3
                                            SHA1:B2068C4A65C183AAD6FC22A44CC1FA449CD355B4
                                            SHA-256:AA53B6DC744357B392FC57C34E516BAE465D4A6837775C137A176D599C8EA948
                                            SHA-512:CDCFB686649F2061FE13A58841EB6A4E17F40951BA0C440C568B248E6128B6E0C4E79F95DC3EAB81286C103ED2A966F7058D22066466ADED482BF9ECAA6EA3CB
                                            Malicious:false
                                            Reputation:unknown
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:ASCII text, with no line terminators
                                            Category:downloaded
                                            Size (bytes):28
                                            Entropy (8bit):4.164497779200461
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:17C4BD96DCB397D1D62D24921BC4FEBA
                                            SHA1:2C0F2AFF858069D582A97867B183EBD5DC8A9FCB
                                            SHA-256:3549DBC06BDD994A38C9A29AECD7E8F9577E2150D15F8D6B0533B4D250666514
                                            SHA-512:9659C4D5B7EF0C852428D3AE8A8EE816438E268E4537FFA70823C9CB2C240252E6D9E863B2AE95F39397172EEFAAA73541123DC9255C9B37FC9437C655F55A78
                                            Malicious:false
                                            Reputation:unknown
                                            URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwlDm2OdwQsymBIFDU9-u70SBQ1Xevf9?alt=proto
                                            Preview:ChIKBw1Pfru9GgAKBw1Xevf9GgA=
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, from Unix, original size modulo 2^32 26681
                                            Category:downloaded
                                            Size (bytes):7404
                                            Entropy (8bit):7.977952929644055
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:F9DA665E2FCCB4C99F3CE459022D117A
                                            SHA1:1BF90016CC2F3E9B4BD947CCD6DB23061B25D246
                                            SHA-256:96D24C0081818B6FB77ADB8FD69D8E786AC4A5DE1EDFE11BC15303051B0FEA82
                                            SHA-512:A21738F12958C58C6723C777A013F206AAB510B446CF376426F1A6C81C02818B40C5FF43BCB9A20CF603D400F481284CC8F834FA80A9485E7735631B78E3D090
                                            Malicious:false
                                            Reputation:unknown
                                            URL:https://25ea7021-a55f19a1.almajapharma.com/shared/1.0/content/js/asyncchunk/convergedlogin_ppassword_89db715e3340a2e8ecd8.js
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 305 x 174, 8-bit/color RGBA, non-interlaced
                                            Category:downloaded
                                            Size (bytes):30975
                                            Entropy (8bit):7.987951396764268
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:FC41F75B33A3331A26B3807E5FE55C6A
                                            SHA1:B9A31703347AF96441EEBF796B1DFDE26CA1992A
                                            SHA-256:2520150405C9392CD5F32D459888F2A332F02017C2349FD6C1A013A5150DEF91
                                            SHA-512:699B32126FEE8B696457C72BC492C4E026C4D14A03F3544277694BAB60698CDA21FE88F4316EAAC01885632D854BDA33560335597EEAFA4DCB1BE6FE82F31B01
                                            Malicious:false
                                            Reputation:unknown
                                            URL:https://f1e241f6-a55f19a1.almajapharma.com/dbd5a2dd-4ni8g3ig25mconw8pcwxsapbwiglpehrkodyd1hgu1m/logintenantbranding/0/bannerlogo?ts=638387028414801764
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, from Unix, original size modulo 2^32 142365
                                            Category:dropped
                                            Size (bytes):49933
                                            Entropy (8bit):7.995612409551999
                                            Encrypted:true
                                            SSDEEP:
                                            MD5:5B2ADE4FEF94C3EA1CC5C81180DD7B44
                                            SHA1:4EEDEF3A84BF02F7E32018D27DAB692063DB1A86
                                            SHA-256:863036E46527832A3ACCC772EE689AFF68C253C34F2A394CD7194C7958A2E280
                                            SHA-512:304BB1BBD0F7F54ACABAE62643D89292694AF49CFC813EE2AE81601460FD2C4465C1074F88881E7597B96A3C55D95C82F5E318B039896DFBB3376321829435B4
                                            Malicious:false
                                            Reputation:unknown
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                            Category:downloaded
                                            Size (bytes):2258
                                            Entropy (8bit):7.882325820032491
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:DF9EBB027AB2530FB2BA5F976D794530
                                            SHA1:9F5FF62999303D116B00DC66BD06FB1461644C8F
                                            SHA-256:F509E7C9AECE7E8D605C581CB52739CC6538098B5FC9A36BF0167164BE1CAD19
                                            SHA-512:23608E96A05D106C831A91571F0AE4088A7DCA05AC5DE7DA37E895BD98890B923ABF61D924918921FCD66642CE3927838D4FAECC53F56C5C9B86C87136CC4457
                                            Malicious:false
                                            Reputation:unknown
                                            URL:https://f1e241f6-a55f19a1.almajapharma.com/dbd5a2dd-4ni8g3ig25mconw8pcwxsapbwiglpehrkodyd1hgu1m/logintenantbranding/0/favicon?ts=638302274536439610
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, from Unix, original size modulo 2^32 15768
                                            Category:downloaded
                                            Size (bytes):5539
                                            Entropy (8bit):7.958284159991036
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:4A6D5D9A88DD41AB75937B7AB0B44E8E
                                            SHA1:7362FBC5461730200C547FF87322BF5FEFBE483A
                                            SHA-256:76A6648D23A0530CC4B55DF7EA6B3E75EAD1EBA2FC1C62F6E7968C3714F319AF
                                            SHA-512:32CE238894A34FB29917DC47CB8665327F000E9F66FE4FEAC88ECFD10B6B00DFD50B2CC2B0E148D4868D7F78B96A4F16ED7B586B1F653D14DF8444A144B674E0
                                            Malicious:false
                                            Reputation:unknown
                                            URL:https://25ea7021-a55f19a1.almajapharma.com/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_d0a803279e7397bef834.js
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, from Unix, original size modulo 2^32 3600
                                            Category:downloaded
                                            Size (bytes):1431
                                            Entropy (8bit):7.857939886073344
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:055379D0BD35A817BEE9E2B745370DA0
                                            SHA1:F29BCFA3F56153D62B41A96054CD0035ED150135
                                            SHA-256:4AC84FE75072E473CCACE49B83BB399DAE66E38542F85C6578C33AA879E731FF
                                            SHA-512:E6E3B31B882AEA4C9838703AE01BD5A677C56B3DDDB7687FC11EC38DBF33A6F008478E08FE3F0A468FC52AF3547CB10F75AC3A1F3964CAB6765A4610A0EB30BC
                                            Malicious:false
                                            Reputation:unknown
                                            URL:https://l1ve.almajapharma.com/Me.htm?v=3
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 144x144, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 1527x872, components 3
                                            Category:dropped
                                            Size (bytes):184713
                                            Entropy (8bit):7.728230711216853
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:9F33822B13945204AB399EBFD38E8D96
                                            SHA1:4E2841901ED22DCA3D329B0E8023E2BF745BAD32
                                            SHA-256:DEDF1E3B52ABF8C9E10B669D73ABE4BF8DBB9B0ADEB8E794E26FDB12269837E0
                                            SHA-512:38AC844603114879D647021B63B381B6E489355F3661A800107AC4B76F70739283C898C2004EF75CBA3D08D6597483D360AAB31AC561C3E57886174B11AAA3F5
                                            Malicious:false
                                            Reputation:unknown
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, from Unix, original size modulo 2^32 407099
                                            Category:downloaded
                                            Size (bytes):116437
                                            Entropy (8bit):7.997465653119585
                                            Encrypted:true
                                            SSDEEP:
                                            MD5:B9C05BC397DBB0BADCF84B6915F9B292
                                            SHA1:512D7F1563978DB615CCCC5C55226F5D4627E3EB
                                            SHA-256:19884E703D9E3896263E24E255E70FCEA8151FA3014D9825C5CA60D19D16D1B3
                                            SHA-512:C2CC2FB7E80296BE49ABE5368587B3748A5E39DD225517BC818AB97198850B6465832BE3765C11D68604886478FF84E9ED60E91F039E5E9E80316C0D79411ADB
                                            Malicious:false
                                            Reputation:unknown
                                            URL:https://25ea7021-a55f19a1.almajapharma.com/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_117b650bccea354984d8.js
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:JSON data
                                            Category:dropped
                                            Size (bytes):72
                                            Entropy (8bit):4.241202481433726
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:9E576E34B18E986347909C29AE6A82C6
                                            SHA1:532C767978DC2B55854B3CA2D2DF5B4DB221C934
                                            SHA-256:88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
                                            SHA-512:5EF6DCFFD93434D45760888BF4B95FF134D53F34DA9DC904AD3C5EBEDC58409073483F531FEA4233869ED3EC75F38B022A70B2E179A5D3A13BDB10AB5C46B124
                                            Malicious:false
                                            Reputation:unknown
                                            Preview:{"Message":"The requested resource does not support http method 'GET'."}
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, original size modulo 2^32 1864
                                            Category:dropped
                                            Size (bytes):673
                                            Entropy (8bit):7.6584200238076905
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:2D2CBA7D7DC75F3BA9DC756738D41A6E
                                            SHA1:F87FD26066ED5E52A65DEE0ED2D581D3C3EA15AC
                                            SHA-256:00E21864CF1BC70302EBB5B496C6C471A7DA8CBF600630B478A3E2376ED20EA2
                                            SHA-512:46F17658CA247C02F612213025350390D8F62179C8DE26725EB17F5CCFAFDD63F2149DA1765D3C2F3A12FE85EF29CAC58457B0D5C2F8DA8DED6E1231A35F199D
                                            Malicious:false
                                            Reputation:unknown
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:HTML document, ASCII text
                                            Category:downloaded
                                            Size (bytes):315
                                            Entropy (8bit):5.0572271090563765
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:A34AC19F4AFAE63ADC5D2F7BC970C07F
                                            SHA1:A82190FC530C265AA40A045C21770D967F4767B8
                                            SHA-256:D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
                                            SHA-512:42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
                                            Malicious:false
                                            Reputation:unknown
                                            URL:http://safrareal.com.br/favicon.ico
                                            Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:GIF image data, version 89a, 352 x 3
                                            Category:downloaded
                                            Size (bytes):2672
                                            Entropy (8bit):6.640973516071413
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:166DE53471265253AB3A456DEFE6DA23
                                            SHA1:17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D
                                            SHA-256:A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
                                            SHA-512:80978C1D262BC225A8BA1758DF546E27B5BE8D84CBCF7E6044910E5E05E04AFFEFEC3C0DA0818145EB8A917E1A8D90F4BAC833B64A1F6DE97AD3D5FC80A02308
                                            Malicious:false
                                            Reputation:unknown
                                            URL:https://25ea7021-a55f19a1.almajapharma.com/shared/1.0/content/images/marching_ants_white_8257b0707cbe1d0bd2661b80068676fe.gif
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, original size modulo 2^32 513
                                            Category:downloaded
                                            Size (bytes):276
                                            Entropy (8bit):7.319344972980597
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:44D8807C223B5C6DEF6E75A602F314EF
                                            SHA1:E061C196D771661D6C47336C50EAFE2B3BA14130
                                            SHA-256:BA9816D7AF3E3B0EA5B6B34BAA0C99FE5EDCF4CA9BE30307AAA2956F994A8B1E
                                            SHA-512:E71B16643B2AC3DC315D1EEF21B9054A71F35E9E2E1DC0D36ABC08F4BDF1A9D3C3D6E9D35D06217966647367DCDD7709EA92B558CE407422FC13B4C33E12E3E4
                                            Malicious:false
                                            Reputation:unknown
                                            URL:https://25ea7021-a55f19a1.almajapharma.com/shared/1.0/content/images/arrow_left_43280e0ba671a1d8b5e34f1931c4fe4b.svg
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:MS Windows icon resource - 6 icons, 16x16 with PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 24x24 with PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
                                            Category:downloaded
                                            Size (bytes):2279
                                            Entropy (8bit):7.354295352983905
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:7E0D59593F3377B72C29435C4B43954A
                                            SHA1:B4C5C39A6DFB460BBD2EACCEB09EC8079FB6A8E2
                                            SHA-256:62D706019A0D80173113EF70FBBEE12F286E8E221534BE788448AADA4B14C8E8
                                            SHA-512:397416A6A96A39F46F22E906A60E56067E5B7B11FB0597A733F862FC077C88D5ED31F51A82709A56F6082FB1F2F72F9A0FE0849E3DD493BB4240C265B546AAD3
                                            Malicious:false
                                            Reputation:unknown
                                            URL:https://25ea7021-a55f19a1.almajapharma.com/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:gzip compressed data, from Unix, original size modulo 2^32 57443
                                            Category:downloaded
                                            Size (bytes):16326
                                            Entropy (8bit):7.987366580233851
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:210F3C4E623D333CB94746CEC563DE09
                                            SHA1:887911B0BCA564AFEC25787B44A98F16EBF7ACA3
                                            SHA-256:4792643ECEBF0EEAA641474C9A1BA39D16D2F924C6B5A6FCB8FC443A5FE59F44
                                            SHA-512:A5E1705DFFE4359F5920F540207C06B658CC12B80A9FEBA14503430CDE090947E5EB231C99922A76DB46664F2D448A23DF7C05C26CA89A264F30073F2812611B
                                            Malicious:false
                                            Reputation:unknown
                                            URL:https://25ea7021-a55f19a1.almajapharma.com/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_1yb3e7oii5t28dgo4xrtow2.js
                                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                            File Type:GIF image data, version 89a, 352 x 3
                                            Category:dropped
                                            Size (bytes):3620
                                            Entropy (8bit):6.867828878374734
                                            Encrypted:false
                                            SSDEEP:
                                            MD5:B540A8E518037192E32C4FE58BF2DBAB
                                            SHA1:3047C1DB97B86F6981E0AD2F96AF40CDF43511AF
                                            SHA-256:8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
                                            SHA-512:E3612D9E6809EC192F6E2D035290B730871C269A267115E4A5515CADB7E6E14E3DD4290A35ABAA8D14CF1FA3924DC76E11926AC341E0F6F372E9FC5434B546E5
                                            Malicious:false
                                            Reputation:unknown
                                            File type:CDFV2 Microsoft Outlook Message
                                            Entropy (8bit):6.661623234697365
                                            TrID:
                                            • Outlook Message (71009/1) 45.36%
                                            • Outlook Form Template (41509/1) 26.51%
                                            • Perfect Keyboard macro set (36024/1) 23.01%
                                            • Generic OLE2 / Multistream Compound File (8008/1) 5.12%
                                            File name:SBAFLA TeamCALL marcia.main__ (lo).msg
                                            File size:158'208 bytes
                                            MD5:5f2f901d5af359fdfd7a560f77e46973
                                            SHA1:2c79129c62f86bc07c0a2e73ba5b7a430472f90e
                                            SHA256:5e2d46920e0ebcb83e22e4fe5ac8f23a1fef3b17bd16a36230a5fb23475ec278
                                            SHA512:827fff0f68c9b37c5df5c6bde1217c7e8c63b5562210c6a6b9023c8eb2f5942188e6a9bc1c7ac7723535d3b4d819282be46a9eafbc72ccc51a4eff6ac68bacd2
                                            SSDEEP:3072:CznuS8WOYFU1v8UoWDAR4NiKBImHTB+J1W:CySrOYabVAR4gK1B
                                            TLSH:97F3392265F93126F177FF3908EE469365327C82AC289F4F2684374D16765E0AC61B2F
                                            Subject:SBAFLA: TeamCALL marcia.main__ (lo)
                                            From:Request Meeting <Sbafla_Sbafla_35q4@sowfoodsng.com>
                                            To:Marcia Main <Marcia.Main@sbafla.com>
                                            Cc:
                                            BCC:
                                            Date:Wed, 20 Nov 2024 20:22:50 +0100
                                            Communications:
                                            • You don't often get email from sbafla_sbafla_35q4@sowfoodsng.com. Learn why this is important <https://aka.ms/LearnAboutSenderIdentification> Warning: This email originated from outside of the organization. Exercise extreme caution when clicking links or opening attachments. When in doubt, please report the email utilizing the Phish Alert Button. <https://www.google.com.kw////url?q=queryh6qh(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3Dquery(spellCorrectionEnabled%3Atrue%2CrecentSearchParam%3A(id%3A3891228890%2CdoLogHistory%3Atrue)%2Cfilters%3AList((type%3AREGION%2Cvalues%3AList((id%3A103644278%2Ctext%3AUnited%2520States%2CselectionType%3AINCLUDED))))%2Ckeywords%3Aremote)&sessionId=5NTcRf4wT3OOZdAOuNu6%2FQ%3D%3D&sa=t&url=amp%2fsafrareal.com.br%2fyoya%2fpeaed1yfcu5lrni4alggwoyea1eixud6hafuq/bWFyY2lhLm1haW5Ac2JhZmxhLmNvbQ==$?> . . . . . . . . . . .56056 ???: ?? ??/KIKUKAWA YOSHINOBU <kikukawa_cfi@mii.maruho.co.jp> ????: 2024?11?11? 15:29 ??: ????? (EBC&M LLC) <fumie_odagawa@ebc-m.com> CC: ?? ??/HAYAKAWA YOSHITERU <hayakawa_cvz@mii.maruho.co.jp>; ?? ??/URATSUJI HIDEYA <uratsuji_cpv@mii.maruho.co.jp>; ??? 
?/Kanakubo Akira <kanakubo_dss@mii.maruho.co.jp>; EBC&M_????? <S_P@ebc-m.com>; EBC&M_????? <B_P@ebc-m.com>; ????(EBC&M LLC) <yasunari_hiramatsu@ebc-m.com>; ???? (EBC&M LLC) <mika_sakaguchi@ebc-m.com>; ?? ?/Takizawa Masashi <takizawa_etb@mii.maruho.co.jp> ??: Re: ???????????(11/11) ???? ????????????????? ?????????????4??????????????? ?????????? ??????(15?) ???????????????? ?????(15?) ?????????? ??????(15?) ?????????? ???????(10?) ????????????????????????? ?????????????????? ?? ?? (Yoshinobu Kikukawa) ??????? ?????????????????????????? ???????? ?531-0071 ???????1-11-1 TEL:06-6371-8913 ??:090-9877-7682 E-mail:kikukawa_cfi@mii.maruho.co.jp https://www.maruho.co.jp/ ????????????????????????????????????????? ________________________________ ???: ?? ??/KIKUKAWA YOSHINOBU <kikukawa_cfi@mii.maruho.co.jp> ????: 2024?11?5? 14:16 ??: ????? (EBC&M LLC) <fumie_odagawa@ebc-m.com> CC: ?? ??/HAYAKAWA YOSHITERU <hayakawa_cvz@mii.maruho.co.jp>; ?? ??/URATSUJI HIDEYA <uratsuji_cpv@mii.maruho.co.jp>; ??? ?/Kanakubo Akira <kanakubo_dss@mii.maruho.co.jp>; EBC&M_????? <S_P@ebc-m.com>; EBC&M_????? <B_P@ebc-m.com>; ????(EBC&M LLC) <yasunari_hiramatsu@ebc-m.com>; ???? (EBC&M LLC) <mika_sakaguchi@ebc-m.com>; ?? ?/Takizawa Masashi <takizawa_etb@mii.maruho.co.jp> ??: Re: ???????????(11/5) ???? ????????????????? COI???????????????????3???????????????? ???????????????????????????????????? ???3???????????????COI????????????????? ?????????????CC?????????????????????? ????????????????????????????????????????????????? ???????????COI????????????????????????????? ???????????????????????????????????? ??????12.??????????????????????????????????????????????????? ?? ?? (Yoshinobu Kikukawa) ??????? ?????????????????????????? ???????? ?531-0071 ???????1-11-1 TEL:06-6371-8913 ??:090-9877-7682 E-mail:kikukawa_cfi@mii.maruho.co.jp https://www.maruho.co.jp/ ????????????????????????????????????????? ________________________________ ???: ????? (EBC&M LLC) <fumie_odagawa@ebc-m.com> ????: 2024?11?5? 12:56 ??: ?? 
??/KIKUKAWA YOSHINOBU <kikukawa_cfi@mii.maruho.co.jp> CC: ?? ??/HAYAKAWA YOSHITERU <hayakawa_cvz@mii.maruho.co.jp>; ?? ??/URATSUJI HIDEYA <uratsuji_cpv@mii.maruho.co.jp>; ??? ?/Kanakubo Akira <kanakubo_dss@mii.maruho.co.jp>; EBC&M_????? <S_P@ebc-m.com>; EBC&M_????? <B_P@ebc-m.com>; ????(EBC&M LLC) <yasunari_hiramatsu@ebc-m.com>; ???? (EBC&M LLC) <mika_sakaguchi@ebc-m.com>; ?? ?/Takizawa Masashi <takizawa_etb@mii.maruho.co.jp> ??: RE: ???????????(11/5) ??? ?????????????????? 3?????????????????????????????????? ??????????????????????? ?????COI??????? ????COI???????????????????????? ???????????????????????????COI??????? ???????????????????????????????????? ??????????????????COI??????????? ?????COI?????????????? ???COI???????????????????????????????
                                            Attachments:
                                            • babababa.png
                                            • ilklil.pdf
                                            Key Value
                                            Received: from a4-3.smtp-out.eu-west-1.amazonses.com (54.240.4.3) by
                                              (2603:10b6:510:2d1::23) with Microsoft SMTP Server (version=TLS1_2,
                                              HTTPS; Wed, 20 Nov 2024 19:22:58 +0000
                                              Nov 2024 19:22:53 +0000
                                              Frontend Transport; Wed, 20 Nov 2024 19:22:53 +0000
                                              15.20.8182.16 via Frontend Transport; Wed, 20 Nov 2024 19:22:52 +0000
                                            Authentication-Results: spf=pass (sender IP is 54.240.4.3)
                                            Received-Spf: Pass (protection.outlook.com: domain of
                                            Dkim-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
                                              h=From:Subject:To:Content-Type:MIME-Version:Date:Message-Id:Feedback-ID;
                                            From: Request Meeting <Sbafla_Sbafla_35q4@sowfoodsng.com>
                                            Subject: =?UTF-8?B?U0JBRkxBOiAgVGVhbUNBTEwgIG1hcmNpYS5tYWluX18gICAgKGxvKQ==?=
                                            To: Marcia Main <Marcia.Main@sbafla.com>
                                            Content-Type: multipart/mixed;
                                            MIME-Version: 1.0
                                            Date: Wed, 20 Nov 2024 19:22:50 +0000
                                            Message-Id: <010201934b070192-f225e0e1-0f3e-4708-b62d-57f558d72332-000000@eu-west-1.amazonses.com>
                                            Feedback-Id: ::1.eu-west-1.zbOnDvwxfhupsOyQste+8zpivM1AyjXdyBIt95ublyA=:AmazonSES
                                            X-Ses-Outgoing: 2024.11.20-54.240.4.3
                                            Return-Path: 010201934b070192-f225e0e1-0f3e-4708-b62d-57f558d72332-000000@eu-west-1.amazonses.com
                                            X-Ms-Exchange-Organization-Expirationstarttime: 20 Nov 2024 19:22:52.7623
                                            X-Ms-Exchange-Organization-Expirationstarttimereason: OriginalSubmit
                                            X-Ms-Exchange-Organization-Expirationinterval: 1:00:00:00.0000000
                                            X-Ms-Exchange-Organization-Expirationintervalreason: OriginalSubmit
                                            X-Ms-Exchange-Organization-Network-Message-Id: cfde169f-6aae-46c9-62c8-08dd0998baa6
                                            X-Eopattributedmessage: 0
                                            X-Eoptenantattributedmessage: f51e233e-f153-41f3-931f-987da82e38af:0
                                            X-Ms-Exchange-Organization-Messagedirectionality: Incoming
                                            X-Ms-Publictraffictype: Email
                                            X-Ms-Traffictypediagnostic: MWH0EPF000A6731:EE_|SN7PR22MB4026:EE_|BL1PR22MB3610:EE_
                                            X-Ms-Exchange-Organization-Authsource: MWH0EPF000A6731.namprd04.prod.outlook.com
                                            X-Ms-Exchange-Organization-Authas: Anonymous
                                            X-Ms-Office365-Filtering-Correlation-Id: cfde169f-6aae-46c9-62c8-08dd0998baa6
                                            X-Ms-Exchange-Atpmessageproperties: SA|SL
                                            X-Ms-Exchange-Organization-Scl: 1
                                            X-Microsoft-Antispam: BCL:0;ARA:13230040|22003199012|4073199012|15040299003|5073199012|5063199012|32142699015|8096899003|4076899003;
                                            X-Forefront-Antispam-Report: CIP:54.240.4.3;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:a4-3.smtp-out.eu-west-1.amazonses.com;PTR:a4-3.smtp-out.eu-west-1.amazonses.com;CAT:NONE;SFTY:9.25;SFS:(13230040)(22003199012)(4073199012)(15040299003)(5073199012)(5063199012)(32142699015)(8096899003)(4076899003);DIR:INB;SFTY:9.25;
                                            X-Ms-Exchange-Crosstenant-Originalarrivaltime: 20 Nov 2024 19:22:52.1686
                                            X-Ms-Exchange-Crosstenant-Network-Message-Id: cfde169f-6aae-46c9-62c8-08dd0998baa6
                                            X-Ms-Exchange-Crosstenant-Id: f51e233e-f153-41f3-931f-987da82e38af
                                            X-Ms-Exchange-Crosstenant-Authsource: MWH0EPF000A6731.namprd04.prod.outlook.com
                                            X-Ms-Exchange-Crosstenant-Authas: Anonymous
                                            X-Ms-Exchange-Crosstenant-Fromentityheader: Internet
                                            X-Ms-Exchange-Transport-Crosstenantheadersstamped: SN7PR22MB4026
                                            X-Ms-Exchange-Transport-Endtoendlatency: 00:00:06.4030738
                                            X-Ms-Exchange-Processed-By-Bccfoldering: 15.20.8158.023
                                            X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003);
                                            Content-Transfer-Encoding: 7bit
                                            date: Wed, 20 Nov 2024 20:22:50 +0100

                                            Icon Hash:c4e1928eacb280a2