Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
phish_alert_sp2_2.0.0.0 lazz.msg

Overview

General Information

Sample name:phish_alert_sp2_2.0.0.0 lazz.msg
Analysis ID:1568498
MD5:9f344d12395a40c4778c6d553ef88744
SHA1:01d010b42b9b9290bbea431fb8f76f0aea9615ee
SHA256:cd442aa4a33bcb644eea9f45d794106d5b1592db12d4ebe8f7acad3ef5e72943
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory
Stores large binary data to the registry

Classification

Process Tree

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6988 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0 lazz.msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6404 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "C28447BB-5454-4CB9-8A1F-490E9940EA37" "20A7967B-129E-49DD-8E0E-A560BC5FEC8C" "6988" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 4988 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://powerforms.docusign.net/8a9cfd80-0a52-4a8b-ab04-d0df7438fa47?env=eu&acct=d44dc5b1-71a4-4c3c-bd23-8874f5053d8c&accountId=d44dc5b1-71a4-4c3c-bd23-8874f5053d8c&recipientLang=it MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 3688 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=1896,i,8975072533289051865,12011831519549534772,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: Office Autorun Keys Modification
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6988, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

barindex
AI detected phishing page
Source: https://powerforms.docusign.net/8a9cfd80-0a52-4a8b-ab04-d0df7438fa47?env=eu&acct=d44dc5b1-71a4-4c3c-bd23-8874f5053d8c&accountId=d44dc5b1-71a4-4c3c-bd23-8874f5053d8c&recipientLang=itJoe Sandbox AI: Score: 7 Reasons: The URL 'powerforms.docusign.net' is a subdomain of 'docusign.net', which is associated with DocuSign, a known brand., The brand 'Itancia' is not directly associated with DocuSign, which raises suspicion., The URL uses a legitimate domain 'docusign.net', but the presence of a different brand name 'Itancia' could indicate a phishing attempt., DocuSign is a well-known brand, but 'Itancia' is not widely recognized, leading to potential confusion., The input fields are generic and do not provide specific context to the brand 'Itancia', which could be a tactic to gather personal information. DOM: 1.2.pages.csv
Source: chrome.exeMemory has grown: Private usage: 1MB later: 28MB
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: powerforms.docusign.net
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: docucdn-a.akamaihd.net
Source: global trafficDNS traffic detected: DNS query: eu.docusign.net
Source: global trafficDNS traffic detected: DNS query: api-js.mixpanel.com
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: classification engineClassification label: mal48.phis.winMSG@17/54@18/123
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241204T1115370537-6988.etl
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0 lazz.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "C28447BB-5454-4CB9-8A1F-490E9940EA37" "20A7967B-129E-49DD-8E0E-A560BC5FEC8C" "6988" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "C28447BB-5454-4CB9-8A1F-490E9940EA37" "20A7967B-129E-49DD-8E0E-A560BC5FEC8C" "6988" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://powerforms.docusign.net/8a9cfd80-0a52-4a8b-ab04-d0df7438fa47?env=eu&acct=d44dc5b1-71a4-4c3c-bd23-8874f5053d8c&accountId=d44dc5b1-71a4-4c3c-bd23-8874f5053d8c&recipientLang=it
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=1896,i,8975072533289051865,12011831519549534772,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://powerforms.docusign.net/8a9cfd80-0a52-4a8b-ab04-d0df7438fa47?env=eu&acct=d44dc5b1-71a4-4c3c-bd23-8874f5053d8c&accountId=d44dc5b1-71a4-4c3c-bd23-8874f5053d8c&recipientLang=it
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=1896,i,8975072533289051865,12011831519549534772,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InProcServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
DLL Side-Loading		1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
Registry Run Keys / Startup Folder		1
DLL Side-Loading		1
Modify Registry		LSASS Memory12
System Information Discovery		Remote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
Registry Run Keys / Startup Folder		1
Process Injection		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive2
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
Extra Window Memory Injection		1
DLL Side-Loading		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Extra Window Memory Injection		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
api-js.mixpanel.com
130.211.34.183
truefalse
    		high
    www.google.com
    		172.217.17.36
    		truefalse
      		high
      eu.docusign.net
      		unknown
      		unknownfalse
        		high
        docucdn-a.akamaihd.net
        		unknown
        		unknownfalse
          		high
          powerforms.docusign.net
          		unknown
          		unknownfalse
            		high

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            https://powerforms.docusign.net/8a9cfd80-0a52-4a8b-ab04-d0df7438fa47?env=eu&acct=d44dc5b1-71a4-4c3c-bd23-8874f5053d8c&accountId=d44dc5b1-71a4-4c3c-bd23-8874f5053d8c&recipientLang=ittrue
              		unknown

              World Map of Contacted IPs

              • No. of IPs < 25%
              • 25% < No. of IPs < 50%
              • 50% < No. of IPs < 75%
              • 75% < No. of IPs

              Public IPs

              IPDomainCountryFlagASNASN NameMalicious
              52.113.194.132
              		unknownUnited States
              		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
              172.217.19.206
              		unknownUnited States
              		15169GOOGLEUSfalse
              1.1.1.1
              		unknownAustralia
              		13335CLOUDFLARENETUSfalse
              130.211.34.183
              		api-js.mixpanel.comUnited States
              		15169GOOGLEUSfalse
              172.217.17.36
              		www.google.comUnited States
              		15169GOOGLEUSfalse
              20.189.173.5
              		unknownUnited States
              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
              216.58.208.227
              		unknownUnited States
              		15169GOOGLEUSfalse
              23.218.208.109
              		unknownUnited States
              		6453AS6453USfalse
              52.111.252.15
              		unknownUnited States
              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
              2.16.149.13
              		unknownEuropean Union
              		1273CWVodafoneGroupPLCEUfalse
              2.16.149.12
              		unknownEuropean Union
              		1273CWVodafoneGroupPLCEUfalse
              216.58.208.234
              		unknownUnited States
              		15169GOOGLEUSfalse
              64.233.164.84
              		unknownUnited States
              		15169GOOGLEUSfalse
              239.255.255.250
              		unknownReserved
              		unknownunknownfalse
              52.109.28.46
              		unknownUnited States
              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
              64.207.216.225
              		unknownUnited States
              		62856DOCUS-6-PRODUSfalse
              2.19.198.17
              		unknownEuropean Union
              		16625AKAMAI-ASUSfalse
              185.81.100.28
              		unknownGermany
              		62856DOCUS-6-PRODUSfalse
              52.109.76.243
              		unknownUnited States
              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse

              General Information

              Joe Sandbox version:41.0.0 Charoite
              Analysis ID:1568498
              Start date and time:2024-12-04 17:15:05 +01:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:defaultwindowsinteractivecookbook.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:19
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • EGA enabled
              Analysis Mode:stream
              Analysis stop reason:Timeout
              Sample name:phish_alert_sp2_2.0.0.0 lazz.msg
              Detection:MAL
              Classification:mal48.phis.winMSG@17/54@18/123
              Cookbook Comments:
              • Found application associated with file extension: .msg

              Warnings

              • Exclude process from analysis (whitelisted): dllhost.exe
              • Excluded IPs from analysis (whitelisted): 52.109.28.46
              • Excluded domains from analysis (whitelisted): config.officeapps.live.com, prod.configsvc1.live.com.akadns.net, ctldl.windowsupdate.com, officeclient.microsoft.com, europe.configsvc1.live.com.akadns.net, uks-azsc-config.officeapps.live.com
              • Not all processes where analyzed, report is missing behavior information
              • Report size getting too big, too many NtQueryValueKey calls found.
              • VT rate limit hit for: phish_alert_sp2_2.0.0.0 lazz.msg

              Created / dropped Files

              C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:modified
              Size (bytes):231348
              Entropy (8bit):4.389625226608627
              Encrypted:false
              SSDEEP:
              MD5:34BC4CBAA377E18261353B9A085C5F1F
              SHA1:FF8A544AF4FA3662E9300D404D6CD4F6A03761C1
              SHA-256:C114180BD224462ACE5EC8CD4957B61B8F38432BC2C1C633B8B50D00479754A1
              SHA-512:72A2C036B85C4F503104CEF7E496FE6CABDAD6212A0F1FF8330AB216256786FE034EEFD8F5E8EA7952879B263D41A48D0382113FF323371F2C5A5C99A3F32859
              Malicious:false
              Reputation:unknown
              Preview:TH02...... ..n.gF......SM01X...,....=.gF..........IPM.Activity...........h...............h............H..h4.o......4:....h.........\..H..h\cal ...pDat...h...0.....o....h.2............h........_`Pk...h'3.@...I.lw...h....H...8.Uk...0....T...............d.........2h...............k_.D.....e.....!h.............. h-.y[......o...#h....8.........$h.\......8....."h.\......0_....'h..=...........1h.2.<.........0h....4....Uk../h....h.....UkH..hP!..p...4.o...-h ........o...+hc-....(.o......... ...... ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

              C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:XML 1.0 document, ASCII text, with very long lines (2163), with no line terminators
              Category:dropped
              Size (bytes):2163
              Entropy (8bit):5.083526072563054
              Encrypted:false
              SSDEEP:
              MD5:435F35FD40AE5EFE81B3AFCE1CA24167
              SHA1:18C1D18734ABF8621C21B62787A187F934B3642F
              SHA-256:E5DFF826E33685BDFDA2EE21BF68E506AA1E423431F71C323E665A3663D9DD51
              SHA-512:05E5095B5F71ACAE40B317165EC0479D8FB8EE7F937CE16816B9FF647B94E7E7237318A4D72FD60B2ABFA57F6BB1900C5394CAC5DAA4D01BC3253BFCDC569D1D
              Malicious:false
              Reputation:unknown
              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><root><version>1</version><Count>14</Count><Resource><Id>Aptos_26215680</Id><LAT>2024-12-04T16:15:41Z</LAT><key>29939506207.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos_45876480</Id><LAT>2023-10-06T09:25:29Z</LAT><key>27160079615.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_26215424</Id><LAT>2023-10-06T09:25:29Z</LAT><key>31558910439.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215680</Id><LAT>2023-10-06T09:25:29Z</LAT><key>23001069669.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_45876224</Id><LAT>2023-10-06T09:25:29Z</LAT><key>24153076628.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_45876480</Id><LAT>2023-10-06T09:25:29Z</LAT><key>30264859306.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos_

              C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:JSON data
              Category:dropped
              Size (bytes):521377
              Entropy (8bit):4.9084889265453135
              Encrypted:false
              SSDEEP:
              MD5:C37972CBD8748E2CA6DA205839B16444
              SHA1:9834B46ACF560146DD7EE9086DB6019FBAC13B4E
              SHA-256:D4CFBB0E8B9D3E36ECE921B9B51BD37EF1D3195A9CFA1C4586AEA200EB3434A7
              SHA-512:02B4D134F84122B6EE9A304D79745A003E71803C354FB01BAF986BD15E3BA57BA5EF167CC444ED67B9BA5964FF5922C50E2E92A8A09862059852ECD9CEF1A900
              Malicious:false
              Reputation:unknown
              Preview:{"MajorVersion":4,"MinorVersion":40,"Expiration":14,"Fonts":[{"a":[4294966911],"f":"Abadi","fam":[],"sf":[{"c":[1,0],"dn":"Abadi","fs":32696,"ful":[{"lcp":983041,"lsc":"Latn","ltx":"Abadi"}],"gn":"Abadi","id":"23643452060","p":[2,11,6,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":26215680},{"c":[1,0],"dn":"Abadi Extra Light","fs":22180,"ful":[{"lcp":983042,"lsc":"Latn","ltx":"Abadi Extra Light"}],"gn":"Abadi Extra Light","id":"17656736728","p":[2,11,2,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":13108480}]},{"a":[4294966911],"f":"ADLaM Display","fam":[],"sf":[{"c":[536870913,0],"dn":"ADLaM Display Regular","fs":140072,"ful":[{"lcp":983040,"lsc":"Latn","ltx":"ADLaM Display"}],"gn":"ADLaM Display","id":"31965479471","p":[2,1,0,0,0,0,0,0,0,0],"sub":[],"t":"ttf","u":[2147491951,1107296330,0,0],"v":131072,"w":26215680}]},{"a":[4294966911],"f":"Agency FB","fam":[],"sf":[{"c":[536870913,0],"dn":"Agency FB Bold","fs":54372,"ful":[{"lcp":9830

              C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Montserrat\26023618743.ttf

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 26 names, Macintosh, Copyright 2011 The Montserrat Project Authors (https://github.com/JulietaUla/Montserrat)Montserr
              Category:dropped
              Size (bytes):263192
              Entropy (8bit):6.14696135609082
              Encrypted:false
              SSDEEP:
              MD5:9C46095118380D38F12E67C916B427F9
              SHA1:FF1EB5D360A42C0C675D8ECFCA9A3E5B709D302A
              SHA-256:81EBC3916B524007B756D91D9DF13C7673EC401161F2CAD161662D08DCF1CC72
              SHA-512:66C32CE2E7A2006CA731CCBD7C116BCE255E664F5AE5E259C7204C2154F9A6A76ACA2A73583403033910CCB6ABA454D1A1D12050E2F5880EF4B54F7AD2BE798B
              Malicious:false
              Reputation:unknown
              Preview:........... DSIG............GDEF.6.b...,....GPOS..........4.GSUBx0m...8`..=<OS/2U..B..u....`cmap......u....(cvt /R.H........fpgmM$.|.......mgasp............glyfw*.y...$....head.F.n..i(...6hhea...7..i`...$hmtx......i....\loca..~........0maxp...Y....... name..9....0...]post.B.......WJprep.K.....8...............V...a...H...J.....................................................0.:...<.U...W.Y...[...............................B...D.K...N.s...u...................-.../.@...B.g...i.................................................7...9.;...=.p...s.s...u.w...z............................................................................................................................................................./...1.2...4.5...7.7...9.:...<.B...H.H...J.J...L.N...P.T...W.[...]._...a.d...f.f...h.h...j.r...t........................................................................._...{...........................!.$...&.'...,.F...J.K...M.]...{.|...............&....DFLT..cyrl.$latn.j..............

              C:\Users\user\AppData\Local\Microsoft\FontCache\4\CloudFonts\Montserrat\33107994939.ttf

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:TrueType Font data, digitally signed, 18 tables, 1st "DSIG", 26 names, Macintosh, Copyright 2011 The Montserrat Project Authors (https://github.com/JulietaUla/Montserrat)Montserr
              Category:dropped
              Size (bytes):261588
              Entropy (8bit):6.175102663024726
              Encrypted:false
              SSDEEP:
              MD5:88932DADC42E1BBA93B21A76DE60EF7A
              SHA1:3320FF5514B32565B0396DE4F2064CE17EC9EEA4
              SHA-256:C4C8CB572A5A2C43D78B3701F4B2349684E6CA4D1557E469AF6065B1E099C26C
              SHA-512:298E1E171DBBE386E1ABE153446B883C40910819099F64F54DC9FAA95D739BE56839537342BBE8DD8408545CB1F8C98878A3524D91AF1F11A112D1BFC202657A
              Malicious:false
              Reputation:unknown
              Preview:........... DSIG............GDEF.6.b...,....GPOS..U.......4.GSUBx0m...8...=<OS/2V.F..u....`cmap......v0...(cvt 3..=.......fpgmM$.|......mgasp...........glyf3He....X...head.i....c....6hhea...u..c@...$hmtx~._...cd...\loca../X.......0maxp...M....... name.g.........9post.B....L..WJprep.K.....................V...a...H...J.....................................................0.:...<.U...W.Y...[...............................B...D.K...N.s...u...................-.../.@...B.g...i.................................................7...9.;...=.p...s.s...u.w...z............................................................................................................................................................./...1.2...4.5...7.7...9.:...<.B...H.H...J.J...L.N...P.T...W.[...]._...a.d...f.f...h.h...j.r...t........................................................................._...{...........................!.$...&.'...,.F...J.K...M.]...{.|...............&....DFLT..cyrl.$latn.j..............

              C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_40.ttf

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_40RegularVersion 4.40;O365
              Category:dropped
              Size (bytes):773040
              Entropy (8bit):6.55939673749297
              Encrypted:false
              SSDEEP:
              MD5:4296A064B917926682E7EED650D4A745
              SHA1:3953A6AA9100F652A6CA533C2E05895E52343718
              SHA-256:E04E41C74D6C78213BA1588BACEE64B42C0EDECE85224C474A714F39960D8083
              SHA-512:A25388DDCE58D9F06716C0F0BDF2AEFA7F68EBCA7171077533AF4A9BE99A08E3DCD8DFE1A278B7AA5DE65DA9F32501B4B0B0ECAB51F9AF0F12A3A8A75363FF2C
              Malicious:false
              Reputation:unknown
              Preview:........... OS/29....(...`cmap.s.,.......pglyf..&....|....head2..........6hheaE.@v.......$hmtx...........@loca.U.....8...Dmaxp........... name.P+........post...<...... .........b~1_.<...........<......r......Aa...................Q....Aa....Aa.........................~...................................................3..............................MS .@.......(...Q................. ...........d...........0...J.......8.......>..........+a..#...,................................................/...K.......z...............N......*...!...-...+........z.......h..%^..3...&j..+...+%..'R..+..."....................k......$A...,.......g...&...=.......X..&........*......&....B..(B...............#.......j...............+...P...5...@...)..........#...)Q...............*...{.. ....?..'...#....N...7......<...;>.............. ]...........5......#....s.......$.......$.......^..................+...>....H.......%...7.......6.......O...V...........K......"........c...N......!...............$...&...*p..

              C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:ASCII text, with very long lines (65536), with no line terminators
              Category:dropped
              Size (bytes):322260
              Entropy (8bit):4.000299760592446
              Encrypted:false
              SSDEEP:
              MD5:CC90D669144261B198DEAD45AA266572
              SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
              SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
              SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
              Malicious:false
              Reputation:unknown
              Preview:51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:76bd602437550e98c9043d06a55186ab7d95dea5a0e935a599f73e62a8c9b158e0afcb19351f6c353940c06a38172b94d18c02cf92bb8a80184eccca0392b259ab3e71dae73e491c7941997cb36ad4a198661f622dad478d840f66d530a0dde78acea3367f91fff62fbb3dc18faff0c708ad30edef5bea8b22c5fd782b770d8993386eaa784fd19a3c3e1db3b537b1a94d3d4fbd46f8df8fddf6d16611969fe0a97c50e0f3ac24750c93257cf5c161184aa7385800c87d803b339632a3d8ec7fe17a0afd83ce9e9d0e3f7b8d579637928a811f1f7e6d1887df2ddc7d4f752c4d600235e426c92c7bf8a1362f95457998cc0e5d4261f0efa4fada0f866dbcefb407dacab7a2914e91c2f08200f38c2d9d621962145b1464b0f204b326118a53ecdcab22bff005fdd5257c99a6dc51ac0600a49f2ef782396987e78c08b846dad5db55e8ccefffc64863bc2c3e90b95a09d25d0814a848c98fe01a82d4e30e6682dd546e12c45ca0d280a45295ab4bd632dafb070edfdc3c9e38313d5aeb195972986f8011b66817028fd8c78b67a0ac7e780eecc3fb6a31f5a025b8a9a3db278a98c0696aeaac739b18688b0f9c7d751bba02cc5f4e41853fb119b3c0c915059aaa92971244a1989124f12881ca88e6410df70b793a2c3a736ff4

              C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:ASCII text, with no line terminators
              Category:modified
              Size (bytes):10
              Entropy (8bit):2.8464393446710154
              Encrypted:false
              SSDEEP:
              MD5:0DC05D22614459F855D2EBBEDED2343D
              SHA1:5855E8433A7BE709A9F6A6F2877BC53A0F676F1B
              SHA-256:384945B2A1EAA55744FA0127B08B9FDC43798BDD13BD15E117FB16D6975466E4
              SHA-512:8ECC328338128A27A05BDE0B06CD18A60A42EAC07DF5A387CE60E685648CB91305494A1925D3EB195A47B78EAD60362507DC37E3C56555C43BD0484A9861409F
              Malicious:false
              Reputation:unknown
              Preview:1733328945

              C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\941D5E3E-5B70-4E65-AC28-98744CD54DCC

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):181859
              Entropy (8bit):5.295307559683961
              Encrypted:false
              SSDEEP:
              MD5:EF27368E5363951DEC9592CD46DC6B67
              SHA1:AD98F4E8FCAC8CB8D7E7D8F236B44F8F756809F9
              SHA-256:517232C15F946C25A71A712CF5906702115AD7F32AC7D5956F0393AC3BF1B846
              SHA-512:3BCE5E49BEDD0E4C09C4E9071EA8A2CB5532FD4DD8D4CE59667D39F5611750F373571E182E58023AA791424CAB3236C480E812DFE28BE7220CB334A85361D0C1
              Malicious:false
              Reputation:unknown
              Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-12-04T16:15:40">.. Build: 16.0.18312.40138-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[

              C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
              Category:dropped
              Size (bytes):4096
              Entropy (8bit):0.09216609452072291
              Encrypted:false
              SSDEEP:
              MD5:F138A66469C10D5761C6CBB36F2163C3
              SHA1:EEA136206474280549586923B7A4A3C6D5DB1E25
              SHA-256:C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
              SHA-512:9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9
              Malicious:false
              Reputation:unknown
              Preview:SQLite format 3......@ .......................................................................... .....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:SQLite Rollback Journal
              Category:dropped
              Size (bytes):4616
              Entropy (8bit):0.1370048545379396
              Encrypted:false
              SSDEEP:
              MD5:7423933DF70381EF7F1B69F7C90EEEB9
              SHA1:840D2ACF8A32253DF064BE604A167E8A02429CFC
              SHA-256:B9B3AEEF4D720C02B18EAF134BB3224FEF549383A1664835AA7C1D99C7F6A319
              SHA-512:7ADAEA9F2C6161DEDF2F648C460F0B869D67CBFB355A4909CA47738069D6C7E628E416256A62524A0327986FD0FFE3D84874576061A567BB4D7AE9A5FE05ED4A
              Malicious:false
              Reputation:unknown
              Preview:.... .c.....V.F.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ .......................................................................... .................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):32768
              Entropy (8bit):0.04470641479249482
              Encrypted:false
              SSDEEP:
              MD5:1EDEAED36904913CDB99EF77E28D471F
              SHA1:E2958DEF607A539ACDC9F91F5AE792C9D4BD99C2
              SHA-256:78F692AA9B1435467B174CF48F0F1621AB80B55AA77EF5262E136F2AA9297512
              SHA-512:F4281D023FF8E1C694BFBC883637A50148AB7A447F21255F95CAF2663ABE089775351F5018B8CE3EE087A3854786632ABFC125C5652446839332537BF378CEA9
              Malicious:false
              Reputation:unknown
              Preview:..-.....................;+..:......O..-oa~I._...-.....................;+..:......O..-oa~I._.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:SQLite Write-Ahead Log, version 3007000
              Category:dropped
              Size (bytes):45352
              Entropy (8bit):0.39524423381693813
              Encrypted:false
              SSDEEP:
              MD5:C106F3E530634F4B9131B057B63E3464
              SHA1:0C8997FF23CC1CDB7EDF72102142C1513CAE442B
              SHA-256:79040CCFB828B54FF5E3118E55D8A98BFF33B04E1C01346F4D89FDBA4C0DAAD3
              SHA-512:2AE2596D87979C2F4D1E2EFB64ECC8A6D1BADDF80A299D364A81D0D303AB0E060E5A18B0320C583678E191247817AA9B03FD21D05E94680CF208A9E85AAA74F5
              Malicious:false
              Reputation:unknown
              Preview:7....-..............O..-..................O..-.0..`...SQLite format 3......@ .......................................................................... .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):2278
              Entropy (8bit):3.8386933431255756
              Encrypted:false
              SSDEEP:
              MD5:41ABEBF36F3DC9C992AE0DD8E0A824F2
              SHA1:092EB13AFFF8144E4AB4E606F51CF5FAD8873B15
              SHA-256:58944946C37D94B9A8F3BBB4140E5E3933483892B0B2E0C978FC9E85F8FC60AA
              SHA-512:EEB1E6BCE1D142500DE4C6017BB8C0255418C8063E7C74C004AEC7F1DB6803412FE6FC30D53F51D01F26F1CB93DD2416C05C0531142438A662E065E469DDFC08
              Malicious:false
              Reputation:unknown
              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".C.J.1.m.u.g.S.o.z.s.S.9.x.S.Z./.Q.v.O.c.+.E.J.4.u.2.c.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.F.w.V.J.X.B.G.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.Z.N.a.K.F.M.

              C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):2684
              Entropy (8bit):3.8903446108897963
              Encrypted:false
              SSDEEP:
              MD5:9CC606661572C2053B239AD4E1DDA5F4
              SHA1:02050E5633B2B1094B6F41BE1DAB03C02381B316
              SHA-256:E2E1EFD68FAD2C8815B88F723D876F5551479C5966631EFCE1B76DB1CEEF67C1
              SHA-512:17EAC71A6BA8DDF4EA68B4927D001C6F7E583CC3FF953FE2C0F8FD63017A815CC35B8E08FC4F8E037F76135BE116B60FA9146EB281CD05C723D679D62482C890
              Malicious:false
              Reputation:unknown
              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.H.X.L.G.R.5.H.j.D.k.3.C.i.F.b.L.a.m.K.N.+.n.c.g.T.0.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".H.B.+.J.P.D.l.l.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.Z.N.a.K.F.M.

              C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):4542
              Entropy (8bit):4.0049834717224995
              Encrypted:false
              SSDEEP:
              MD5:FE545F56AC271274999D4D50749063AF
              SHA1:9E52682A1136263A927AD337ADD23B350EBB27C0
              SHA-256:B0038E256B525297BAB51811AC87D0CFBB5D91434C683BDFE8B13E4E2D04D906
              SHA-512:EF31E87BE6B1F50B14D019405C404DCEB9A477D52635C490E2739D238985CB9D2A4105116CFFDD67A356B01E5C1768D61D1D0D9B0A8B4632639B80D1EC1D002B
              Malicious:false
              Reputation:unknown
              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.q.Y.a.6.3.X.Y.9.b.4.Y.b.C.Z.g.f.0.u.y.E.6.v.n.x.e.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".y.w.H.x.C.m.h.G.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.Z.N.a.K.F.M.

              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\849E4F93.dat

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
              Category:dropped
              Size (bytes):514
              Entropy (8bit):7.439998627403446
              Encrypted:false
              SSDEEP:
              MD5:11CA770C5C80CAF3F9B4480D75528A44
              SHA1:BA408803568A9FE4CC0819A1612D87174EB1913F
              SHA-256:7403FE58C5514B0CE6BF8EF7BC5E1F47A1BDB41C4E6BA7CFF94B9FD4B5F4314A
              SHA-512:B39BB6684EE029C14458D047BF4014BD86D2BDE64CC2E24E226839B715F08192EB59EE2A52C4FB03B7911D172FD079E2485AC2E2DB90A89FDBAADE112AFF2D54
              Malicious:false
              Reputation:unknown
              Preview:.PNG........IHDR..............w=.....IDATH.....Q....{...,L(.l$.RJQ(.!.h..a').VIR....6.....;.J.4.Hb.....y..yg.{...=..{..<....j.V.c?v`.V.'>..zx...['S.`-.0........e.P...+.i!.1...X.,[.esU.)....{.?.AN.#..R...8^...G......2@....MQ-.5..b.6..z\...ox.k.+C..8..\..0..k.-.a'V4.;..../.y,.&..(.c;vG._7h.Z^.....Q..jx{R...........5.GSxK.....ex2xs...).............T.N..o...).|).....:a.c...w...5...E.p'......~.P.r........PX.0..'r.......i..9...V..l:O.m.....s)...Z.....d..tv...~....a4...?.PU.V.......IEND.B`.

              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\858E848F.dat

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:PNG image data, 617 x 37, 8-bit colormap, non-interlaced
              Category:dropped
              Size (bytes):938
              Entropy (8bit):7.386599181009949
              Encrypted:false
              SSDEEP:
              MD5:514494CA2A7AD0CB29ACDD4711DD9E4C
              SHA1:C7610A9B06B5C58511F6AAFB307163F10C16A19B
              SHA-256:8540BBE2A908E354AE6B2F885E3186EBDB42FB624A724B7CCF84721C404D65B7
              SHA-512:A87F8167997F8C73D0CF552EC9D2A326C5D28EB31F2416139D378C0310BC62B8750ADF2C578493B07B4AB9CFDC70D0D0A296451B5D9CCF6F79423A5D906F2421
              Malicious:false
              Reputation:unknown
              Preview:.PNG........IHDR...i...%.............sRGB.........gAMA......a.....PLTE........................................................................fuq,B<:NI.D>Xie...Wie.0+'>9.3-H[W[lh.50,B= 82L_[Whd.0+'=8.3-G[Wfvr-B>:NJ/E?Xif......................7tRNS........................................................Y......pHYs..........o.d...KIDATx^.Z.j.0.4.....CN.*.5.+....].Q.M.^:.......v....<N.R.7..q....?.4|..N..<M.......E....y....4. )M......Vy.B...s.4A..6N.+..J..E.0eQk.4.>My...&..{..K....2g.3..i> ..1...y....x:.OGA.J{[S:[.BS...T......R5,CZS.WSZ\.%. ..4FU....e.P4..n1..*..<.$.R5-.wOs......8...E...<M..B.i...6..e..`c.V.4...n..T.*.%...i.t.. =.../.?...0I.OC.t...Ro.X..o..q.y.K..%f....a.l.%......o."..b..lR..?x......R.....a...F....a.B......2..c...0..3f}8&...t-S.Kj.4L...Aa?%.....fAa...o...H.&...)....+12.....i1...s..%..o...?..0.o...<...~M.3...8.g'_../k_.N..-.kJ..i.....B....(...7...o.../g..0..'...S..Vi....IEND.B`.

              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\95199C78.dat

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
              Category:dropped
              Size (bytes):626
              Entropy (8bit):7.552609099912519
              Encrypted:false
              SSDEEP:
              MD5:CC6284FC4BE2C15D9E06CCCD087E0D20
              SHA1:E9F2D5A0FDED73DB896D52CD02E639C41DE1CCE7
              SHA-256:28F36612E25A303E0E8020000CEE4BE5F62FEB39AC1C3FC0729C6C25533F9B79
              SHA-512:745CF6773D4D0E8817700347ACAD75A84A2A6E3AB9FDDD857DD0BDC2C1B6818049B2A0F20E47ED6994AD32D90DF0598F799E7760B74B8381451AC9B4CE6BA1A8
              Malicious:false
              Reputation:unknown
              Preview:.PNG........IHDR..............w=....9IDATH...OHTQ...3O.&)H%.&"..!..#+#"h.....n.(-.p..p.hR. .8-.....PQ.....i..6.-.....8........}.Y<.y.|.}..o......n..(...l .X.f.I.5..x..d..2.n.<......W....T:......S]4....]a....`#..N.?....2.^.oP....m..l....D......Z..mJ.....X..&.R.c.w..&......Ud.Ty.H.FA..Fz.io..P..H.M...-..L...oSz.$...*1.lZ.JY.Y...3.v.pV.\..}..5.(>...-..."..~....1.....?~ ..J|OQ.M.#.[...{..C.|[.......@.....(.]....2.?LQ7..d....:#}.>.M.%NHk.1....7q.?}BKo.3s_L.m...2.$...\/.$..5..g..ST.K.OqT..\Y..../._5......u.g\...?.?..%..v.........j..'.E..51.............%.......d.d... .M..r.......H{.V.C5}....IEND.B`.

              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\A47CD146.dat

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:PNG image data, 124 x 32, 8-bit/color RGBA, non-interlaced
              Category:dropped
              Size (bytes):2276
              Entropy (8bit):7.872120142729934
              Encrypted:false
              SSDEEP:
              MD5:696485606019E2356ED92EE5C9139422
              SHA1:54FA47189A3387C231BBD1C4E83F871ED7AB4918
              SHA-256:DA732AAD7085EEA9EAFA6BA860951BC5122A5FB68F453C14B77EB8D38DA88C86
              SHA-512:C04B0F35D9FCB9C36834B99DF06AA598B05AD351011737C01161AA4A941907E4FF18EA6865F947230D5DB2D5F49B7CBC56D4FAE691CE03D1AB75C0BDD74D416C
              Malicious:false
              Reputation:unknown
              Preview:.PNG........IHDR...|... ......R.2....IDATh..[..\E..z.(.V..(...`.....L..).......^$.Dd......5.A.....E1H...e.....i...j...Ay.R.........s...........3g......I ../..C.a.r.n.'..=y...l..w...8.#...l.><.kV...IN..0.G.._-....................j..K{=.q.....0......9}.T.7...^l...T......^..........F]6.K..+;.......8&iz............z.".u.|.>........m.f....xC.S.......\..5..1..Q.p*..D.6.~G../...1.._.p(......zM.3.<. .......'..'D...pG...(..pln....w.q...#J......Z.5....8+...]G3.v.....s..U..eT.Q..rN.4Xk...,.4...}X.w..g.....~.2.......1....D...'a.h....1.o..!..B.iI.y.........9..V..,...2^%s.Az/...&..W.c....~..<.c.......jK._.#.*.....A.'y.B.{.z.b.z...8.......*Q.Q...q.....9.j..H..T.&'....gE../XCJ.A....y.*:..I.....}'..s,`.d..S.._..lsuT..F}:.7%M.k......k.g.R..RE+....E.,.9.....b..9.:.ge..^ l...h..U.......[Cx.I..2.Wv..M.mvms.S...........|...........'...7H......{.D....$7...B..Ju*..qv......s....+.5..b..R...G.b{p.=.>..8..ue....wCh.A.x...T....B...HJ.V.g....3i.g.i7..KH.F}.@+-X

              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\E5CC219.dat

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced
              Category:dropped
              Size (bytes):595
              Entropy (8bit):7.619830744862888
              Encrypted:false
              SSDEEP:
              MD5:15C8A2C4E56EFEC99E64BF08BF7DF210
              SHA1:E9015BB4B4452035C3F1C6AE3293FC7217143B8C
              SHA-256:24C146BF3B8DF8DCFE432F75C9625C894CE95845D9DBE2FD4A6E3DFA32CE1957
              SHA-512:C89E3CAB273A76F7FC69AEF68415693E369BF0C55C7BB345CBFFBB07FBAA3C96394844F67A4008FE890A207A5992F0441AC62C5322304257264F612912FD6081
              Malicious:false
              Reputation:unknown
              Preview:.PNG........IHDR..............w=.....IDATH...M..Q....}.$..k.&%d...BS...vL.ba6.#5V6.2.KdK6..|.Y(.H,.!.|.:.L.N..e.u..<...s..?..u.nT...MX.E..w..3..:n.W.M...1..(..a.....r.5x.=-.'..)..i.K...o`^..y........\...$/.......#N.j8;.l......%.{...\.Yx...9....EH1.........A..j$..H....y...><)...i..........E..X........s.co....V.q.G....#...:...(..K...264..).[r$E]..7BR.....E.W..$..p...+.....%?.."...X..F........a../..R.....T.E.y...x<T...Q\.p..d...O......dA+..w~XD'.......D...^.b...<..(.?..h4......|G...@.'cB...t.Iq[r........q..x.#U...%!Iu .b2..-q.d...R.JR..~..ei...3....IEND.B`.

              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\F4ED6B5A.dat

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:PNG image data, 251 x 49, 8-bit/color RGBA, non-interlaced
              Category:dropped
              Size (bytes):2549
              Entropy (8bit):7.880156172440368
              Encrypted:false
              SSDEEP:
              MD5:C2D5FDFD343A72962234CB0A1B2FCA12
              SHA1:B7372A6DD50B5B067B05E6D8AF6C8558B21C95DA
              SHA-256:79FCAA5C61BFEBD8B837798D86806D10A47F6F5817A6E9ECC70BA3061E553EED
              SHA-512:B0A1F261B635EBCDC0D63DE6302B0E0C024A6B07003042F45A57E2464580B96CB10D9612BE94CAFF9EE40175889B2969207679DBC4230AEAA3E0D3ACECEB742B
              Malicious:false
              Reputation:unknown
              Preview:.PNG........IHDR.......1........t....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..hTW..3.L.....Y.....#.J.S.T...."..Z.."...]Q...DW4".%D.. ........U..R....k.n#.A..Z....3......I^.LRc.w>0y?.s.;..{.9.)....a.Y.Y.....3.A`gg.....0.!)A..._.>n.).L.a.f.1...pQ5"...wT.....Jvt......-...T......3;..e.... ..3.A`gg.....0....a..;;...vv.1....c..... ..3L.......B,.....,.u.'9.D...a.7^....I..s..w..e$..K^O.o...a..q...3.tt...L1i..zm}..........cAX\.L...Y..j##...a.,...&........Q.6..Y.kv.(6.bk.Q,....n..E.bymd....~.Q..Qy..#<H.....1c...@.........3.^..F.....K.\^..+..C.hn,Pb..{.8.c.5dL...e.:.#c&.......R.~......PV..Y.........w;.X...v.`.%+.1E......wr......T..FODV...@k<!Dr.;....Y&.Xp>^...U.X..H..7..#b\...|2...3P.V.3..z.8... ..F.,..G]T.Uh....0......q......*.v.m.1O.......Tt....~.%..:a?T..bS.~.4.9I.`e7.A;..P5.p .-Mvx....0...I1.l.#.?..`..W....HYV.<.....^a.1..=......K.=N..pp....g#... ...9.."9=wl.:D.[H.0.F..4..#d...0.r.-.SE.fhrh.C...9I.h..F....$c|......UY..cS........

              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{127DE2C4-34AE-4BC5-BA0C-686C6855AE7B}.tmp

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):9728
              Entropy (8bit):3.468006696456676
              Encrypted:false
              SSDEEP:
              MD5:68E08DD4FA86AA676CA546724468AAA8
              SHA1:DEC1F7C78475155E4E0CF7EF7356ECEF2367D77F
              SHA-256:03FCAAF47A2B06C697A267E2C6C750749294A8A9CFCF0C1BE857135EC4ED55E8
              SHA-512:34B41B1ED8E389F5288A586FEF30142C01DDBF7D128DA9445AF4A8C680719C0E1524918E562CA46EBAE86EAF98860C6F057ED807C23E1C031C014648ABE6C450
              Malicious:false
              Reputation:unknown
              Preview:....B.u.o.n.g.i.o.r.n.o.,...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................0...f...h...........>...@...H...J....... ..."...T...V...........................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1733328937756494600_9E28777B-F680-41B7-BF24-BDA76734FA73.log

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:ASCII text, with very long lines (860), with CRLF line terminators
              Category:dropped
              Size (bytes):20971520
              Entropy (8bit):0.019354209718213826
              Encrypted:false
              SSDEEP:
              MD5:D715292B95CCDAED1A19DD0956B68D6E
              SHA1:8B189D7CDED0283A1316D8D4EF7F8AFD8FC40130
              SHA-256:F5B9B0015C53FD474563A4C654DF30A0A7F27435A7C6E3A31F60AC66C6425C4F
              SHA-512:8BE4E1B94A34C00B144749085AFC8E7932744EE54F95AA2D89B9504DC24C1AD8D907A6ED5818D2D94BD81E509C7CEEBEAB0B68D582784C9157FB42CC16C01D1E
              Malicious:false
              Reputation:unknown
              Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..12/04/2024 16:15:37.777.OUTLOOK (0x1B4C).0x1B50.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.System.GracefulExit.GracefulAppExitDesktop","Flags":33777014402039809,"InternalSequenceNumber":17,"Time":"2024-12-04T16:15:37.777Z","Data.PreviousAppMajor":16,"Data.PreviousAppMinor":0,"Data.PreviousAppBuild":16827,"Data.PreviousAppRevision":20130,"Data.PreviousSessionId":"44732BC0-DC5F-4D87-B5B6-E981B1A8330B","Data.PreviousSessionInitTime":"2024-12-04T16:15:19.281Z","Data.PreviousSessionUninitTime":"2024-12-04T16:15:22.343Z","Data.SessionFlags":2147483652,"Data.InstallMethod":0,"Data.OfficeUILang":1033,"Data.PreviousBuild":"Unknown","Data.EcsETag":"\"\"","Data.ProcessorArchitecture":"x64"}...12/04/2024 16:15:37.793.OUTLOOK (0x1B4C).0x1BC0.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.LoadXmlRules","Flags":33777014401990913,"InternalSequenceNumber":22

              C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1733328937757185800_9E28777B-F680-41B7-BF24-BDA76734FA73.log

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):20971520
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:
              MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
              SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
              SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
              SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
              Malicious:false
              Reputation:unknown
              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241204T1115370537-6988.etl

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:modified
              Size (bytes):188416
              Entropy (8bit):4.855734734840833
              Encrypted:false
              SSDEEP:
              MD5:E1B9DB7D84B73469BA92628FF5D704E3
              SHA1:0DD7BE92D2010BD79EADA40026FE54A48DCF44F2
              SHA-256:28F5AEF02691AE8A100B6438B3D180E599C5363F804D44CA461F9C6A8BE16E53
              SHA-512:FB0550A3AE67DD17EBE12E94AD43E7FE7727589C8E59A072C192C56526711BACD1415D464857560516B643CF2D0D3C6B54E74E742BD1F622B4B1A223EFAA738C
              Malicious:false
              Reputation:unknown
              Preview:............................................................................`...P...L.....@.gF..................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................P(s..Y............@.gF..........v.2._.O.U.T.L.O.O.K.:.1.b.4.c.:.1.9.8.1.2.5.1.4.7.e.b.9.4.7.a.1.a.8.3.e.d.1.5.6.0.b.5.1.5.c.0.0...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.2.0.4.T.1.1.1.5.3.7.0.5.3.7.-.6.9.8.8...e.t.l.......P.P.P...L.....@.gF..........................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\Local\Temp\~DF332CACB7349903EC.TMP

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):163840
              Entropy (8bit):0.30931383443781924
              Encrypted:false
              SSDEEP:
              MD5:C49684E1DEB9A5229BB69F9E9D99D5AF
              SHA1:0F374C2FC83B7C466435F6DF43F459530E43AB99
              SHA-256:785D5360AD62C55825CF281FD9D92B1A93CEF771C356059AB5AAF6908CD93CE7
              SHA-512:8BBF79057BBBDC98AAFCA5EE07F84B413DD4EBAD480AD603FBB8818AA9B6ED403A6F666AF939007DC238970203C753002760331E7025AD63CAE9727817FA1904
              Malicious:false
              Reputation:unknown
              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):30
              Entropy (8bit):1.2389205950315936
              Encrypted:false
              SSDEEP:
              MD5:4AEC40D7634FA7FADD5874CC353F47FD
              SHA1:797AC7C3264FC10CE83DCBC5033128FCCF893FF2
              SHA-256:C2ABAB62073DAF608A4B62E60D59ED2876F21AB700411211DE98915FBD873862
              SHA-512:D1F085BA8724A01903FDD14670F2F0AFA9883A4B445BBB6E4A693484CCC3666F0F3E304A78451A87BB4AB6564FBB1D69837B7E2EA087CB564E862461C2564D59
              Malicious:false
              Reputation:unknown
              Preview:..............................

              C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:Composite Document File V2 Document, Cannot read section info
              Category:dropped
              Size (bytes):16384
              Entropy (8bit):0.6694922782213004
              Encrypted:false
              SSDEEP:
              MD5:79F649B12866162CDEE7FE360B22C942
              SHA1:980A392066280C7F949C29E92BD6B2BB04C0FF19
              SHA-256:842B546E05CBA38536040E87E8C13DE8D90E38A549C012709702C8744040FD9F
              SHA-512:139258A61A231381714D168E3F7583FFB581970F65706DA271C05D0E6B870C7AE1DCE227A6932627DACF7289B7E0B272B80FAC29F2F9D5FC58AFB2484772A97A
              Malicious:false
              Reputation:unknown
              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
              Category:dropped
              Size (bytes):14
              Entropy (8bit):2.699513850319966
              Encrypted:false
              SSDEEP:
              MD5:C5A12EA2F9C2D2A79155C1BC161C350C
              SHA1:75004B4B6C6C4EE37BE7C3FD7EE4AF4A531A1B1A
              SHA-256:61EC0DAA23CBC92167446DADEFB919D86E592A31EBBD0AB56E64148EBF82152D
              SHA-512:B3D5AF7C4A9CB09D27F0522671503654D06891740C36D3089BB5CB21E46AB235B0FA3DC2585A383B9F89F5C6DAE78F49F72B0AD58E6862DE39F440C4D6FF460B
              Malicious:false
              Reputation:unknown
              Preview:..c.a.l.i.....

              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 4 15:16:48 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2673
              Entropy (8bit):3.998223552933169
              Encrypted:false
              SSDEEP:
              MD5:C092C33BD44C8FA69E0DCCBBE06FCE37
              SHA1:C1F80ECE89E62F3826241CBAA6C59D3AA9C9DF5E
              SHA-256:0FC8DB995A1765110CFAE7719840A35CEA72731FC6D2865EF0598339C705D2B0
              SHA-512:09B49C20E7650D226E6C9E62D98CE774FC9217CAF0D918DCCC0D052C075DB7E4B5A6E2F9C23BABF7E76A3DECE6892CDA9EA9C698D5244BC8BDA7DF2D228BB8E1
              Malicious:false
              Reputation:unknown
              Preview:L..................F.@.. ...$+.,........gF..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........S..z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 4 15:16:48 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2675
              Entropy (8bit):4.013649823268797
              Encrypted:false
              SSDEEP:
              MD5:0A338A05B783B88CD7AEF5915F127D4A
              SHA1:92A133A7458306DFFC7EC2500476FAF6E7C84B02
              SHA-256:6C2D734C9869717A18A958B8D5FEBBAD89A7EA31523810AB0F229A840C91F35B
              SHA-512:07630BF8FD886EEC98278B0BD1BBD1C528C9E0D91F179E64BFFD09B3ADACDDB634DA9AC0A3B57889318E6410301FFDE4FC06FAE6279400B7D935A81BC59305FC
              Malicious:false
              Reputation:unknown
              Preview:L..................F.@.. ...$+.,....^!..gF..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........S..z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2689
              Entropy (8bit):4.019913545396391
              Encrypted:false
              SSDEEP:
              MD5:B25AA760BBF1423FF721ABAD54F90130
              SHA1:CA947E666B80DB02D3A24E0802C6A9B699F0FD91
              SHA-256:CFED2D70BCA48E6595166DF99B28B1926C3293A9A6A6D7E7F2CAA2C15A219145
              SHA-512:7A5ED818C4733D0818D8A6B50DDC44BCA2CAAB931E203A15AAC6C370B99B7DF0DD61CDAE8AE44687A6F2060A0C6920571EC84153A53384FEDE8DEDCB8D6B9DF0
              Malicious:false
              Reputation:unknown
              Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........S..z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 4 15:16:48 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2677
              Entropy (8bit):4.012132858003908
              Encrypted:false
              SSDEEP:
              MD5:6AAFD89CCCB52B47B376880AC2CB98DF
              SHA1:DE1AD2A4BB0F720F813F71C59A119A80B5AD4506
              SHA-256:B628720576BDDF62C827AE4BC1D4B9400E158F8E06FA2A5A3A0531B34E40EB03
              SHA-512:4A8C5BF8C4829D3779CA6A710B88B867E7BAEDDB457CBF9E2810D7266699BE0736B8315AEA0592B2AB29D59D7DD7CA910DF4F4EA5CE9CB733DE8752506EB5F55
              Malicious:false
              Reputation:unknown
              Preview:L..................F.@.. ...$+.,.......gF..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........S..z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 4 15:16:48 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2677
              Entropy (8bit):3.9976693345184984
              Encrypted:false
              SSDEEP:
              MD5:EFD066FDC238B07EE64D4B8379E6A830
              SHA1:09A6E3220BC22040D6B003ACF2ECBF0391E559D8
              SHA-256:2EA2648C3507A35D596C8F03A107E3710B58EDE41B944E919CAE33816ACA35C5
              SHA-512:50AD7ABBDF54D6F0E6D7D49319BFBC4CBEEAF37E912D3BA258DA5BA2A44E933D5242FFA4DF7838DB10FABD8B0CEDE6C482B0C44414DAFF03EBBFB87FEDEEC29F
              Malicious:false
              Reputation:unknown
              Preview:L..................F.@.. ...$+.,....U...gF..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........S..z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 4 15:16:48 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2679
              Entropy (8bit):4.007581620230018
              Encrypted:false
              SSDEEP:
              MD5:0A9C9122DCA413D0CDD67EB43DA4E4D4
              SHA1:F4163DDC20C3CE382AD2A70C10C698B12FDE01FB
              SHA-256:5FC637D09508FA4DC41E048497F5EC2064257CFC324900A6FACB14BF5597FD4A
              SHA-512:BE312325A834744CD279CD187360058D7E4F6A1045FD841107D39EA8C716AFD7DAA7588AAD2D642161F2FA1C0752EA304CCF9CA710B3EA9FE784CAA1C01B3201
              Malicious:false
              Reputation:unknown
              Preview:L..................F.@.. ...$+.,........gF..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Y.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........S..z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

              C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:Microsoft Outlook email folder (>=2003)
              Category:dropped
              Size (bytes):271360
              Entropy (8bit):1.470792883831239
              Encrypted:false
              SSDEEP:
              MD5:B724E83AEC32ECF9F5AC67E9F6715BB0
              SHA1:D53F0542BA0EC0465D03545E42A654467066AB7D
              SHA-256:A0AD0AA814384266A28ED2A381B802DC9D7AF69E15593DC7B043AF44539FA488
              SHA-512:B915505CE99A1A55E55A9279A21151DCFBC6DACA1E570328D4BDBD170B2B06FCCF5F3546B7D15F5C931AE67B27C69419A52A37753D5E200983D88D73F562B73F
              Malicious:false
              Reputation:unknown
              Preview:!BDN.s..SM......\...E....7..............Z................@...........@...@...................................@...........................................................................$.......D..................................................................................................................................................................................................................................................................................................................................$........'?py.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

              Download File
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):131072
              Entropy (8bit):0.5906810362755093
              Encrypted:false
              SSDEEP:
              MD5:5CDDCEB9C3BFACCF223ED7DC8E0ECD98
              SHA1:179DE6EAEA39A1D20C2EBA0DD5CB00BAE116918B
              SHA-256:73B85F6A8071DC86DA5B185C8113FC2E573C3B1109DC9390D11D3146A51BBB45
              SHA-512:6FF585986AA112A3DBE02C32196A6B741642DD1C0612D84D525A2A91B48F5194DC73C200E1A73018699AD7731D27704B50697A50EC383C45BCA88BCB672F3804
              Malicious:false
              Reputation:unknown
              Preview:...0...S.......L...hB$.gF.......D............#......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N?A.D.........C0...T.......L...hB$.gF.......B............#.........................................................................................................................................................................................................................................................................................................................................................................................................

              Chrome Cache Entry: 100

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text, with very long lines (1945)
              Category:downloaded
              Size (bytes):1997
              Entropy (8bit):5.038926922712568
              Encrypted:false
              SSDEEP:
              MD5:29624B52F014F3C76F1DA93FC85A3AE8
              SHA1:7D653EEF61FB50FCE9E5CCDC37F0273270970B43
              SHA-256:1E55F6E561FB482BC984782F7A8CC2B12F751658A7768940422BBBF039D9CD05
              SHA-512:07C77E4BA737F943C754986F0AEE8D400376C4283482FA92C0E35305BCAA3D2856D1AA0F899D3C65898680335CCC1734D3CCA6BD2859074C3B40276E826CD7D3
              Malicious:false
              Reputation:unknown
              URL:https://powerforms.docusign.net/static/css/main.70a50682.chunk.css
              Preview:.form-group .label,.form_unit .label{display:inline-block;font-weight:600;line-height:18px;margin-bottom:4px}html{box-sizing:border-box}[label-required]:after{color:#d13239;content:attr(label-required);padding-left:4px}::selection{background:#bad3f8;text-shadow:none}.form_unit .btn-select:not(.input-inline),.form_unit .input-text:not(.input-inline),.form_unit .input-textarea:not(.input-inline),.form_unit .select-wrap:not(.input-inline){display:block}input:required{box-shadow:none}.input-text,.input-textarea{-webkit-appearance:none;appearance:none;background:#fff;border:1px solid #868686;border-radius:2px;height:auto;outline:0;padding:5px 8px 6px;width:100%}input{line-height:normal}button,input,optgroup,select,textarea{color:inherit;font:inherit;margin:0}body{background:#fff}.form-group,.form_unit{display:block;margin:24px 0}.footer_container{background-color:#fff;border-top:1px solid #ccc;padding-left:24px;padding-right:24px;font-size:10px;color:#666;overflow:hidden}footer{display:bloc

              Chrome Cache Entry: 101

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:JSON data
              Category:downloaded
              Size (bytes):318
              Entropy (8bit):4.698143029383065
              Encrypted:false
              SSDEEP:
              MD5:1337B4C51AA2AD0F42B24342C82EEB01
              SHA1:A1DB51A38A475395899723A4BB000E6C3D138977
              SHA-256:8DABEA98165C5716A4E4A82A2764A901BA80EF42A89DB02789DDF572935E5BBB
              SHA-512:1B45CF1F8161428B7E3AA1BF1E2F815EE1273CD7231B24F844B1309DACEE7F9F4F81A4FBCBA3618E23D15E428F21707A1BA5D71D6660FBBA53C14077CCDE8889
              Malicious:false
              Reputation:unknown
              URL:https://powerforms.docusign.net/manifest.json
              Preview:{. "short_name": "Powerforms",. "name": "Powerforms Landing Page",. "icons": [. {. "src": "favicon.ico",. "sizes": "64x64 32x32 24x24 16x16",. "type": "image/x-icon". }. ],. "start_url": "./index.html",. "display": "standalone",. "theme_color": "#000000",. "background_color": "#ffffff".}.

              Chrome Cache Entry: 102

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:Web Open Font Format (Version 2), TrueType, length 31468, version 1.0
              Category:downloaded
              Size (bytes):31468
              Entropy (8bit):7.993603561926699
              Encrypted:true
              SSDEEP:
              MD5:B70FB054C362CBA0FE0E6233920555E4
              SHA1:C1C2CDF248E7042B196EE18512C1DE9418ED61F2
              SHA-256:C2DD95A4FD1D3569F219994B8BA845A5AE065733B80619B87157FA7BA97CCB74
              SHA-512:FBB77AC8709799B21EE698C88914A30E449BC37EAA2042A76D450A1FF27A8C9AB48376B539E8DBB67C9BE04DC18379FBCB4A4BCFF388BFFAB689AEFE1DAB570A
              Malicious:false
              Reputation:unknown
              URL:https://docucdn-a.akamaihd.net/olive/fonts/3.0.0/DSIndigo-Bold.woff2
              Preview:wOF2......z.......h...z.........................?FFTM..6...B..t.`..V.*..e.....L........6.$..(. .....3..M[.J....{.....t..?.:..O.%x....&c.e.(c.E....q`.}.8.......$..3. m....z......;\.g..<X'."..X..+3<..5sbc.'e.c...uj..X.. .r..)..."(M6I.U...l.$....pWI.TI.T{..:..7..?L.jL..^...qh1..];.........fE.[...-...]/jX)._X.9....J.d...Vm....1.v..i..[.v..m..TQEG."...."Dd..]60......".{.f\.B....3....,..;u:...E`..:./aZ....$_......Y..E...^.A......p..E....@u...$-a...X....PLP!.M.d..=.1..6..I{...(.......K........(f...'<.,..$2.D..I.....Q.r`.-.`l..Y.n...2.....B{FoF.. *QJ..J..".. !6&....)N]..m.m.OW.........4.Z.0.!-s...GbD......B#1..C.....e).E-.{' ~W!...TH.F(..;X..S...g.cH.w...$...5...GFA..Y..P./*...c:.w...k:......D.O.T.u.t...?8.Y....$=C.F......P.Ue....=\....+T..g...6A,..........Ey^ ..p...N...c.C...................qhdV.J....a...d.6.MyxA........KY...Y..F.@.t.:...1.6...;.C.K.4(..{.i..}7.5KD....q,;i...(YF.$>....wZ.S.EQ.EQ.EQ.EQ.EQ.E...t:.N...t:..i.T;vO........;....tlE0....

              Chrome Cache Entry: 104

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text
              Category:downloaded
              Size (bytes):1672
              Entropy (8bit):4.923778798002874
              Encrypted:false
              SSDEEP:
              MD5:6D4780F4A04AA9439EC82773EBAE5B96
              SHA1:189F4FE014F093E4FA1679983795D31F8C5D7C46
              SHA-256:4C6C5A8A261EA27DEA417A9063B4F38E49FE21DC888647FE19AD6972BCB70BD0
              SHA-512:1C1BC2B0515726A2F51BEFB66328FA16B62FE637CC31632F82AE0991FC0CB480D1E2746A0D9DB75F003AE62E52E442E6892C4A0C8F1B8CC1CB1A273D29A0C6AC
              Malicious:false
              Reputation:unknown
              URL:https://powerforms.docusign.net/style.css
              Preview: .message-enter {. transform: translate(0,-50px);. transform: translate3d(0,-50px,0);. opacity: 0.1 !important;.}...message-enter.message-enter-active {. transform: translate(0,0);..transform: translate3d(0,0,0);. opacity: 1.0 !important;. transition: opacity 0.5s ease;. transition-property: transform, opacity;..transition-duration: 500ms;..transition-timing-function: cubic-bezier(0.175, 0.665, 0.320, 1), linear;.}...message-leave {. transform: translate(0,0);. transform: translate3d(0,0,0);. opacity: 1 !important;.}...message-leave.message-leave-active {. transform: translate(0,-50px);..transform: translate3d(0,-50px,0);. opacity: 0.1 !important;. transition: opacity 0.5s ease;. transition-property: transform, opacity;..transition-duration: 500ms;..transition-timing-function: cubic-bezier(0.175, 0.665, 0.320, 1), linear;.}...messages-global .message {. opacity: unset;.}../* Spinner */..loader {. position: absolute;. height: 40px;. width: 144px;. top: 40%;. left:

              Chrome Cache Entry: 106

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:JSON data
              Category:dropped
              Size (bytes):79047
              Entropy (8bit):5.266383897324554
              Encrypted:false
              SSDEEP:
              MD5:EC182550F48654B5C96BE35F9847910D
              SHA1:92982EFB844F41D805B238F524557434E5F41576
              SHA-256:8F2F3DBD9CF744E8D23530DE14BDD7F4DF7B82D2B1858D6120665D56A2F3DBFB
              SHA-512:04C616E9FF950ABA00C272E89EFAFDC864FA69ED88BF2817714D7BF8DB8A410E2B68982088490735C17BA84907427321785DDBD137AF336C3EE40B411951266B
              Malicious:false
              Reputation:unknown
              Preview:{. "_PACKAGE_VERSION": "1.219.0",. "_LOCALE": "it",. "Powered by": "Con tecnologia {{DOCUSIGN_LOGO}}",. "Contact Us": "Contattaci",. "Terms of Use": "Condizioni per l'utilizzo",. "Privacy": "Privacy",. "Intellectual Property": "Propriet. intellettuale",. "xDTM Compliant": "Conforme xDTM",. "Copyright . {{CURRENT_YEAR}} DocuSign, Inc. All rights reserved": "Copyright . {{CURRENT_YEAR}} Docusign, Inc. Tutti i diritti riservati",. "Feedback": "Feedback",. "Aria-language-selector": "selettore lingua",. "D_P:January": "Gennaio",. "D_P:February": "Febbraio",. "D_P:March": "Marzo",. "D_P:April": "Aprile",. "D_P:May": "Maggio",. "D_P:June": "Giugno",. "D_P:July": "Luglio",. "D_P:August": "Agosto",. "D_P:September": "Settembre",. "D_P:October": "Ottobre",. "D_P:November": "Novembre",. "D_P:December": "Dicembre",. "D_P:Su": "Do",. "D_P:Mo": "Lu",. "D_P:Tu": "Ma",. "D_P:We": "Me",. "D_P:Th": "Gi",. "D_P:Fr":

              Chrome Cache Entry: 107

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:SVG Scalable Vector Graphics image
              Category:downloaded
              Size (bytes):2940
              Entropy (8bit):4.174861243509924
              Encrypted:false
              SSDEEP:
              MD5:55ACF27E6B517AF140D1C9FB147E31E8
              SHA1:FD74318612D950AE56B82776D4507A703E2745EF
              SHA-256:769113EED5ABF2BB8E472A29D439CC73CA6BCCFA82E3D8F0B36D6F7D9FD740B6
              SHA-512:EF85F9034DE1D6F0C04E7DD24F9743D39D63D2273884C1F46F744D4514E25569F07A7E7D9DBD8F644F6AE0B80E383C91954629356BFFFEC06746947645008826
              Malicious:false
              Reputation:unknown
              URL:https://docucdn-a.akamaihd.net/olive/images/2.79.0/global-assets/ds-logo-default.svg
              Preview:<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1200 241.4" xml:space="preserve">. <g>. <g>. <g>. <path d="M1169.2 109.7v78.7h-28.9v-73.5c0-17.9-7.7-27.9-22.7-27.9s-24.9 10.5-27.7 28.1c-.8 4.2-1 10.7-1 24.4v48.8H1060v-125h25.6c.1 1.1.7 12.3.7 13 0 .9 1.1 1.4 1.8.8 10.6-8.4 22.3-16.2 38.6-16.2 26.8 0 42.5 18.1 42.5 48.8zm-155.8-46.3-.9 14.3c-.1.9-1.2 1.4-1.8.8-3.5-3.3-16.4-17.5-38.3-17.5-31.4 0-54.5 27.1-54.5 63.9 0 37.3 22.9 64.5 54.5 64.5 21.1 0 34-13.7 36.4-16.7.7-.8 2-.3 2 .7-.3 3.8-.8 13.3-4 21.4-4 10.2-13 19.7-31.1 19.7-14.9 0-28.1-5.7-40.6-17.9L920 217.3c13.7 15.5 35.3 24.2 58.8 24.2 37.8 0 60.5-25.9 60.5-68.2V63.4h-25.9zm-34.8 99.8c-18.7 0-31.9-16.2-31.9-38.3S959.9 87 978.6 87s31.9 15.7 31.9 37.9c-.1 22.2-13.3 38.3-31.9 38.3zm-121.1-11.9c0 23.7-19.9 39.6-49.1 39.6-22.9 0-43.3-8.9-55.5-21.6l9.5-22.6c9.2 8.3 24 20.2 45.1 20.2 14.7 0 23.2-6.5 23.2-14.7 0-9.5-11.7-12-25.7-14.7-19.9-4.2-46.3-11-46.3-38.1 0-22.7 18.4-38.3 45.6-38.3 20.9 0 38.9 8 51.3 18.4l-14.2 19

              Chrome Cache Entry: 108

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text, with no line terminators
              Category:downloaded
              Size (bytes):9
              Entropy (8bit):2.94770277922009
              Encrypted:false
              SSDEEP:
              MD5:9D1EAD73E678FA2F51A70A933B0BF017
              SHA1:D205CBD6783332A212C5AE92D73C77178C2D2F28
              SHA-256:0019DFC4B32D63C1392AA264AED2253C1E0C2FB09216F8E2CC269BBFB8BB49B5
              SHA-512:935B3D516E996F6D25948BA8A54C1B7F70F7F0E3F517E36481FDF0196C2C5CFC2841F86E891F3DF9517746B7FB605DB47CDDED1B8FF78D9482DDAA621DB43A34
              Malicious:false
              Reputation:unknown
              URL:https://powerforms.docusign.net/favicon.ico
              Preview:Not Found

              Chrome Cache Entry: 109

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text, with very long lines (65536), with no line terminators
              Category:downloaded
              Size (bytes):204126
              Entropy (8bit):5.281937778230344
              Encrypted:false
              SSDEEP:
              MD5:DA77AC6B85C62267C679548D978E3962
              SHA1:4C43079B6DF9C98E8CD9A0A043102DC30F4CC167
              SHA-256:3EBBEF1E5AB86599C3D7101EB2A7CBF5F5090915A0C43A89141C04BD39C1AE07
              SHA-512:034EC23C85F2D8FBF6FA30B14ED8513D5ED120A5173CFA48580F42565F3C1C55BABCDDA4759989B95650C99CC393515EBABF42D9719D0C57137F2EB925771646
              Malicious:false
              Reputation:unknown
              URL:https://powerforms.docusign.net/static/js/main.60f04b38.chunk.js
              Preview:(this.webpackJsonppowerforms=this.webpackJsonppowerforms||[]).push([[0],{13:function(e,r,o){"use strict";o.d(r,"p",(function(){return a})),o.d(r,"q",(function(){return i})),o.d(r,"o",(function(){return n})),o.d(r,"a",(function(){return t})),o.d(r,"f",(function(){return l})),o.d(r,"e",(function(){return s})),o.d(r,"b",(function(){return m})),o.d(r,"c",(function(){return d})),o.d(r,"j",(function(){return c})),o.d(r,"m",(function(){return u})),o.d(r,"n",(function(){return _})),o.d(r,"l",(function(){return p})),o.d(r,"i",(function(){return f})),o.d(r,"g",(function(){return g})),o.d(r,"h",(function(){return v})),o.d(r,"k",(function(){return h})),o.d(r,"d",(function(){return b}));const a="SAGA_LOCALE_CHANGE",i="SAGA_POWERFORM_SUBMIT",n="SAGA_INIT_APP",t="CONTEXT_SET",l="MESSAGE_SHOW",s="MESSAGE_HIDE",m="LOADING_START",d="LOADING_STOP",c="POWERFORM_RECIPIENT_UPDATE",u="POWERFORM_VALIDATION_ERROR_SET",_="POWERFORM_VALIDATION_ERROR_UNSET",p="POWERFORM_UPDATE_FROM_API",f="POWERFORM_RECIPIENT_EMP

              Chrome Cache Entry: 110

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows icon resource - 3 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
              Category:dropped
              Size (bytes):7405
              Entropy (8bit):2.037697524051661
              Encrypted:false
              SSDEEP:
              MD5:888E04D5D5FF290D47BF73787F1E0BFC
              SHA1:C8EDC4B60BB909C025B908F4ADBEEA557581687C
              SHA-256:387483B8C9FB9F677E0D72D066945675540FE417E6E6C70BAA9C013CB8FC88CD
              SHA-512:0662402C7EBC3D670D40EC55E5DC25C4360E54743517B783151F088A23FDCBE70803B4ED43BCE87D5B50908AC52AF4DEEDE6311445086E5CCFF98E2A82C0CB7A
              Malicious:false
              Reputation:unknown
              Preview:......00..........6... ......................h.......(...0...`............................................"...........ti......................................|q......!..............# .......................y......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

              Chrome Cache Entry: 88

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:HTML document, ASCII text, with very long lines (2625), with no line terminators
              Category:dropped
              Size (bytes):2625
              Entropy (8bit):5.332926223958531
              Encrypted:false
              SSDEEP:
              MD5:D83FCF6CA3215B888538017A956970E1
              SHA1:2DDDF923A3590F1299757C5C75A11D162CBAE0D2
              SHA-256:C33F485C3998E052E81641529E50885B0EFFC31F1048545DE26DBDE2456258C2
              SHA-512:B46D1D71C0EDC3D2B7B2A2E3434AB124B3F5F80CF1419C3651FB99549A06EEBE768889D91FABBCD0989A7F2634F5D7D7B299C8A3C45CD99C963BACF360653C49
              Malicious:false
              Reputation:unknown
              Preview:<!doctype html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name="theme-color" content="#000000"><meta name="robots" content="noindex,nofollow"><meta name="format-detection" content="telephone=no"/><link rel="manifest" href="manifest.json"><link rel="shortcut icon" href="favicon.ico"><link rel="stylesheet" href="/style.css"><link rel="icon" type="image/x-icon" href="https://docucdn-a.akamaihd.net/olive/images/2.15.0/favicons/favicon.ico"><title>Docusign</title><link href="/static/css/main.70a50682.chunk.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div style='display:none' id='hdn-start-values'>{"env":"eu","acct":"d44dc5b1-71a4-4c3c-bd23-8874f5053d8c","accountId":"d44dc5b1-71a4-4c3c-bd23-8874f5053d8c","recipientLang":"it,it"}</div><div style='display:none' id='hdn-persist-original-values'>{}</div><div id="root"></div><script>!function(e){func

              Chrome Cache Entry: 89

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text, with no line terminators
              Category:downloaded
              Size (bytes):48
              Entropy (8bit):4.519974678246912
              Encrypted:false
              SSDEEP:
              MD5:95F7E319D2014B954F06AE0ADCF045C8
              SHA1:777F2D78E50FAC28345E7A6037602152B3CDADAD
              SHA-256:D8D7975E99349353AFC890484127FCA90B3C1DDB25CE9864BC3A5C431203E5B9
              SHA-512:715B27DA5CC37C0BC3AC4695937812ABE2A195D065F06268162D96B20D6350D7273195CBE828F3DD758A77B79531FF452C768E2FDDD38C888EA9428DD0D3EDD1
              Malicious:false
              Reputation:unknown
              URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwlQdkvD80uunxIFDZRU-s8SBQ14bxIZ?alt=proto
              Preview:CiAKCw2UVPrPGgQIBxgBChENeG8SGRoECAkYARoECGQYAg==

              Chrome Cache Entry: 90

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:Web Open Font Format (Version 2), TrueType, length 31644, version 1.0
              Category:downloaded
              Size (bytes):31644
              Entropy (8bit):7.993065566948634
              Encrypted:true
              SSDEEP:
              MD5:89C979CFF1EBCBD06171DCD15927EB3A
              SHA1:DDFB17DA64F896EA2682BEC12499ED9D8F65F69D
              SHA-256:F2C05D1D723BD31646C2C5ADB65C29F317FEAB778A02511FBDCBC180853CA042
              SHA-512:AD58C49E307E87D94BCD1AD7DD7D729B752817DC2451D5869A7ECB652622FDC0BE51C4BAA263747D986898756D6B178570BA9AC839AF748FA808DC9B7CECED9E
              Malicious:false
              Reputation:unknown
              URL:https://docucdn-a.akamaihd.net/olive/fonts/3.0.0/DSIndigo-Medium.woff2
              Preview:wOF2......{.......k...{1........................?FFTM..6...H..t.`..V.$..e.....$..S.....6.$..(. .. ..3..3[.M...iWu.........~s..`..ws.m...ao..B..U*..g.............vl.1B..*.jf......).ir...Hi.y]Zwp0./QH...V%G.q.....p....f.M.|.4.\.#....7..S.{Q,8sQ..E.J...e.K.i...z...w.j.Q.h..I.})...E-.mjw.~1.7p.|...[...v[.y^.G......q.........,Mydu9..~._hF~..j...#.........j.~..w.k..j......LR..G+r..d.?!\.Mf.Sg...a.,...D*_....`.{=./...........}...T.m.?.6.2`H.5.........=...}.JRI".D.1$..P).xrM.8?O.|...R.TP..P.pX..W.*.U.*Wi.]...t.......h6...l.-...R.EY....C...T...X1s.f....`..%.Q..CEf.......hu.{.........'".i.Q....*.-.......T@.l.f^|...|...1....h...[..u...!.Q.....t...P......^8b....=...q.{6g.,b.....C!4B...m4..,z...4NB...2.C.......n.@..Jo.>).ULf........7U..#.-...TYx-...MH?.Q.....DpM.....3H..L..^......T.km....:.@.X...z....qosW..t.t.K..g(5.#4x..n.Z..d/$..i.....(..(..(..(..(.v.y.;..(...h4...n. .9. ...CC._k..R..x.}QY;..{..."%..EJ.A7qi....<C...&....m19..+..(-@../ P...X.._..O

              Chrome Cache Entry: 92

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:HTML document, ASCII text, with very long lines (2622), with no line terminators
              Category:downloaded
              Size (bytes):2622
              Entropy (8bit):5.33373531874841
              Encrypted:false
              SSDEEP:
              MD5:AF0C898B6482F924F686F15DF2471105
              SHA1:85184AB772B6BF59CBC2CE5899D4BE3D3F17A6B0
              SHA-256:2DF74A09A38EFB4CEB9398F2C0B771980A3EE183E61E374ED9B8A9B4DD1BF86E
              SHA-512:28D96129721763E593377147C5ADAF76544C2FC99000A632FA720AF8F7FD7C9E778E4BB3965E86F1BD5B793A487A81C5F2640746A2EA03223E61D6AD5E46E0DA
              Malicious:false
              Reputation:unknown
              URL:https://powerforms.docusign.net/8a9cfd80-0a52-4a8b-ab04-d0df7438fa47?env=eu&acct=d44dc5b1-71a4-4c3c-bd23-8874f5053d8c&accountId=d44dc5b1-71a4-4c3c-bd23-8874f5053d8c&recipientLang=it
              Preview:<!doctype html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name="theme-color" content="#000000"><meta name="robots" content="noindex,nofollow"><meta name="format-detection" content="telephone=no"/><link rel="manifest" href="manifest.json"><link rel="shortcut icon" href="favicon.ico"><link rel="stylesheet" href="/style.css"><link rel="icon" type="image/x-icon" href="https://docucdn-a.akamaihd.net/olive/images/2.15.0/favicons/favicon.ico"><title>Docusign</title><link href="/static/css/main.70a50682.chunk.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div style='display:none' id='hdn-start-values'>{"env":"eu","acct":"d44dc5b1-71a4-4c3c-bd23-8874f5053d8c","accountId":"d44dc5b1-71a4-4c3c-bd23-8874f5053d8c","recipientLang":"it"}</div><div style='display:none' id='hdn-persist-original-values'>{}</div><div id="root"></div><script>!function(e){functio

              Chrome Cache Entry: 93

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text, with very long lines (65462)
              Category:downloaded
              Size (bytes):2783907
              Entropy (8bit):5.589215960452974
              Encrypted:false
              SSDEEP:
              MD5:B086DF007E673AA253A3E0C7524D9474
              SHA1:CDF0150F93B75284EC4245389833A9845303B8D4
              SHA-256:BDAFFC8244BC6350684A4227A8CF441DFB702C85920E054C64C0C88C119CD40D
              SHA-512:1C309E5DFA8C354EAE42809B6F01627EBCBE6C810C26EB8B79225B11E6B0443A2D0BA7ACCA3D1EAD82D1826B65A09222E16B7DD1ADE87ACE04A97AF96621082A
              Malicious:false
              Reputation:unknown
              URL:https://powerforms.docusign.net/static/js/2.a890cee5.chunk.js
              Preview:/*! For license information please see 2.a890cee5.chunk.js.LICENSE.txt */.(this.webpackJsonppowerforms=this.webpackJsonppowerforms||[]).push([[2],[function(e,t,r){"use strict";e.exports=r(822)},function(e,t,r){"use strict";r.d(t,"a",(function(){return Ze})),r.d(t,"b",(function(){return Ge})),r.d(t,"c",(function(){return We})),r.d(t,"d",(function(){return qe})),r.d(t,"e",(function(){return Ye}));var n=r(0);var o=function(){function e(e){var t=this;this._insertTag=function(e){var r;r=0===t.tags.length?t.insertionPoint?t.insertionPoint.nextSibling:t.prepend?t.container.firstChild:t.before:t.tags[t.tags.length-1].nextSibling,t.container.insertBefore(e,r),t.tags.push(e)},this.isSpeedy=void 0===e.speedy||e.speedy,this.tags=[],this.ctr=0,this.nonce=e.nonce,this.key=e.key,this.container=e.container,this.prepend=e.prepend,this.insertionPoint=e.insertionPoint,this.before=null}var t=e.prototype;return t.hydrate=function(e){e.forEach(this._insertTag)},t.insert=function(e){this.ctr%(this.isSpeedy?6

              Chrome Cache Entry: 94

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:Web Open Font Format (Version 2), TrueType, length 31436, version 1.0
              Category:downloaded
              Size (bytes):31436
              Entropy (8bit):7.993250168057893
              Encrypted:true
              SSDEEP:
              MD5:BA0E987E564CD3409E9D6F690D641F55
              SHA1:1C2684BD20C775B7497796C2FA66AD4943F6B824
              SHA-256:346CFD3DF3DBB80D08655AE396A413F66CBCCFCF201EAE36A6403DCF7ED372BC
              SHA-512:DFBA7D6B8114C9DD1A3288E053F6E7C18A1909F6CBBDF35E46B1972E15497D1C35FE1007FC90CAF111D20AB036D9E1C73C15EDD7B2BF24F24CA4A2A36EBA571D
              Malicious:false
              Reputation:unknown
              URL:https://docucdn-a.akamaihd.net/olive/fonts/3.0.0/DSIndigo-Semibold.woff2
              Preview:wOF2......z.......jl..zc........................?FFTM..6...H..t.`..V.(..e.....l..).....6.$..(. ..4..3..M[WL.....{(HD.!..:.jV;\.......vy.b.a.us.f..j........{.I..%.%....H.j.v.n.53sP....CI..D.^.>`Jdb.y.. .E.L...I....I...vD.c. .VD..S.f..x.E....v!...k...b.../.....;...s..T..Y~....~N7m...P.wv..t.....K|.(...b...h..~.....m..*{|......SdU.RI._M......*.s...,wW.0.~..P...F1Q..Umt..LP..#.'...........3.......BL..4.\....qL&\.o"...[.A.0..+.r.b...s.y.Y..d..o...KOa.M..Dk..u.?XS..J.i.7..6..)B..W.].....P.......K)q.f.._.Xy.~....>.Cn#G681..jb....3u........I..;....CBI....T*b.T.*...5.Z...jFi9~.'.1.g.M.h<.S....:[..m.3g...,.DQ.A..i..j.T@.E...1u.....X.s._.s.....'.......O....`,...y@......U/a.!.......T.[.0.'`..l(....h.Z..$...m4..h...*._..@...;!=......ZM.TP.......^N.T..p.!.4@.(m...~._....{..&.85j...Q#f...)......................j. t.s]..m..&.^.G...2.........<..(..(..(..(..(..h4..F..._vx...g....P...PU/`...L<..RJ)..i.+3..p.A.+[....=.X...........B...../.(..X........T.U...3M..]....&

              Chrome Cache Entry: 97

              Download File
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:Web Open Font Format (Version 2), TrueType, length 29516, version 1.0
              Category:downloaded
              Size (bytes):29516
              Entropy (8bit):7.993944632054563
              Encrypted:true
              SSDEEP:
              MD5:5D66C3D97D4F69A2B3527E3997CBB66B
              SHA1:94EF4F31C1A1CD780A172EDFBF9E3DE61697EF5A
              SHA-256:1BF53B33743C5C45D6C944815F74CBF58B228806858FB6E3A0B86C1204F4BE06
              SHA-512:FEB229CF976DC037130CE7E7A6C0E32FA8BD0C63382B0FFAD82E4448767B88F8C17C431055BF834AF6A5E92E2D34A6EC7432AFDABCEA9FAE867517613AFD3621
              Malicious:false
              Reputation:unknown
              URL:https://docucdn-a.akamaihd.net/olive/fonts/3.0.0/DSIndigo-Regular.woff2
              Preview:wOF2......sL......b...r.........................?FFTM..6...l..t.`..V.*..e.....\..V.....6.$..(. ..Z..3..p[sDq....2.r...n....%2...z..q.Te-;@..%..I......;......{...Rk...@...HG.)G...8.U.x2.q.qZ.../....6".tQw..YVg9V.k.b.)...j.x..D4L_(.Y0.....k(.w...#U.. .;F.T8..j.v.x..p.:$-[o-.W.~~...{.u..3.*..)..J.<w..M.V.(a.......;..7g.,X.fu...............i.]..@..*Y.[x......!....lG....a"...Nd../.k.V...Q...(.BPe.S.E...C$.........W....L.2.%.2.+O..D..TV...h"T.h/N!....,.gaX.....%...x..r.,.Zz....-...f^.T..sZ..e.Ed.8N....%:./...B...m3......E@A...#.....#.}.~.f,2..3.o_..wX.U.uRI...`i...../D.../~.3.......W..#*....U2.r.2.u.B.{.]r"rP{M....V.........LhNU=..{L.......'.U...].0.`...$...4Y..RN...E/........i..<@Y.....:...X.-...R.]..@z...(....p...Y.....").N=...!....,..]D....Z.......o........N.y......g.t..1f#.........o.Y;.y..{...G.......K......>/.,.d.....NU.>7v..KQ....J..l..{w.FH..&..!..?4.q...1wY..7..RJ):..a....<..*..G.M.m..k......."Vhq..xsk...M|...o..d.....w......F.(..(..(..(..(..(..(::

              Static File Info

              General

              File type:CDFV2 Microsoft Outlook Message
              Entropy (8bit):4.6232866526013865
              TrID:
              • Outlook Message (71009/1) 50.89%
              • Outlook Form Template (41509/1) 29.75%
              • Microsoft Word document (old ver.) (19008/1) 13.62%
              • Generic OLE2 / Multistream Compound File (8008/1) 5.74%
              File name:phish_alert_sp2_2.0.0.0 lazz.msg
              File size:94'208 bytes
              MD5:9f344d12395a40c4778c6d553ef88744
              SHA1:01d010b42b9b9290bbea431fb8f76f0aea9615ee
              SHA256:cd442aa4a33bcb644eea9f45d794106d5b1592db12d4ebe8f7acad3ef5e72943
              SHA512:6f492de7e3616eddf61951e1c21c7f1b0604a4994b9cd3949d5e3b8aee1532ba2eca0642bfcb8f7945a3c3d58cdf27b670f88ef259cb925644a6f946a9a65863
              SSDEEP:1536:uMkrEjhf2nHSSMCEm8saYOrhJCRtIeDMdWbc4Ew0gFlzmuWKWNmY3:0SSMCEm8saYO+tIeI5xw00zEb3
              TLSH:A893B711BAFA1109F1F79F7685F66553893F7D269E25D90E2084330E19F2E00EC62B6B
              File Content Preview:........................>......................................................................................................................................................................................................................................

              Static Mail

              General

              Subject:Documento Amministratore per Store Itancia
              From:servizioclienti <servizioclienti@itancia.com>
              To:"andrea.lazzarino@kireygroup.com" <andrea.lazzarino@kireygroup.com>
              Cc:
              BCC:
              Date:Wed, 04 Dec 2024 16:39:38 +0100
              Communications:
                Attachments:
                • image001.png
                • image002.png
                • image003.png
                • image004.png
                • image005.png
                • image006.png

                Headers

                Key Value
                Receivedfrom AS8P251MB0935.EURP251.PROD.OUTLOOK.COM
                1539:38 +0000
                ARC-Seali=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
                ARC-Message-Signaturei=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
                h=FromDate:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
                ARC-Authentication-Resultsi=1; mx.microsoft.com 1; spf=pass
                by AS8PR08MB5877.eurprd08.prod.outlook.com (260310a6:20b:291::13) with
                2024 1539:38 +0000
                (260310a6:209:82::44) with Microsoft SMTP Server (version=TLS1_3,
                4 Dec 2024 1539:42 +0000
                Authentication-Resultsspf=fail (sender IP is 18.185.115.174)
                Received-SPFFail (protection.outlook.com: domain of itancia.com does not
                via Frontend Transport; Wed, 4 Dec 2024 1539:42 +0000
                for <andrea.lazzarino@kireygroup.com>; Wed, 4 Dec 2024 1539:39 +0000 (UTC)
                X-TM-MAIL-RECEIVED-TIME1733326779.990000
                X-TM-MAIL-UUIDe9feccbd-838e-4a64-a79f-2de4eb60fe51
                DKIM-Signaturev=1; a=rsa-sha256; c=relaxed/relaxed;
                by AM9P251MB0173.EURP251.PROD.OUTLOOK.COM (260310a6:20b:41e::17) with
                ([fe80:5ca1:e45d:5bae:2096%4]) with mapi id 15.20.8207.017; Wed, 4 Dec 2024
                Fromservizioclienti <servizioclienti@itancia.com>
                To"andrea.lazzarino@kireygroup.com" <andrea.lazzarino@kireygroup.com>
                SubjectDocumento Amministratore per Store Itancia
                Thread-TopicDocumento Amministratore per Store Itancia
                Thread-IndexAdtGP5G9PUWuzfKGRGuy0zcV8MAUNQABELNQAATjXcAAAtXZAA==
                DateWed, 4 Dec 2024 15:39:38 +0000
                Message-ID<AS8P251MB093509592D39799DD01127B891372@AS8P251MB0935.EURP251.PROD.OUTLOOK.COM>
                References<AS8P251MB093543CB8C1D9CD8584110B491372@AS8P251MB0935.EURP251.PROD.OUTLOOK.COM>
                In-Reply-To<AS8P251MB09353A09BB9DDF9FA19E962991372@AS8P251MB0935.EURP251.PROD.OUTLOOK.COM>
                Accept-Languageit-IT, en-US
                Content-Languageit-IT
                X-MS-Has-Attachyes
                X-MS-TNEF-CorrelatorAuthentication-Results-Original: dkim=none (message not signed)
                x-ms-exchange-messagesentrepresentingtype1
                x-ms-traffictypediagnosticAS8P251MB0935:EE_|AM9P251MB0173:EE_|AMS0EPF000001B1:EE_|AS8PR08MB5877:EE_|AS8PR08MB6024:EE_
                X-MS-Office365-Filtering-Correlation-Id27038335-f50e-4705-8549-08dd1479df39
                x-ms-exchange-senderadcheck1
                x-ms-exchange-antispam-relay0
                X-Microsoft-Antispam-UntrustedBCL:0;ARA:13230040|366016|1800799024|376014|8096899003|38070700018;
                X-Microsoft-Antispam-Message-Info-Original=?us-ascii?Q?PO6cQ9QHn3tNEhq1rvGS6OUMxA+r8A0dLNXb2Xhw8PLnKtl9cLHn31aeuw/C?=
                X-Forefront-Antispam-Report-UntrustedCIP:255.255.255.255;CTRY:;LANG:it;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS8P251MB0935.EURP251.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(1800799024)(376014)(8096899003)(38070700018);DIR:OUT;SFP:1102;
                Content-Typemultipart/related;
                MIME-Version1.0
                X-MS-Exchange-Transport-CrossTenantHeadersStampedAS8PR08MB5877
                X-TM-Received-SPFPass (domain of servizioclienti@itancia.com designates
                X-TM-Authentication-Resultsspf=pass (sender IP address: 40.107.104.119)
                X-TM-AS-ERS40.107.104.119-127.5.21.1
                X-TMASE-VersionStarCloud-1.3-9.1.1028-28838.000
                X-TMASE-Result10--26.659000-4.500000
                X-TMASE-MatchedRID7u3eoxEoplARpXdJQyf5BQsSAMq1ugbcY9xoykdyAsPafagkQ8GmrH5+
                X-TMASE-SNAP-Result1.821001.0001-0-1-22:0,28:1,33:0,34:0,42:1-0
                X-TMASE-XGENCLOUDa15d2b86-1afa-4a2f-bac2-525b7f06b521-0-0-200-0
                X-TM-Deliver-Signature461C31272743A816C757A02B2F292CF6
                X-TM-Addin-AuthY+kdc1D8QyYO9pb+rrKvfIOXLS7yj3UA3HV+hXHrwOwtKK3UNUNu+2ofMBd
                X-TM-Addin-ProductCodeEMS
                Return-Pathservizioclienti@itancia.com
                X-MS-Exchange-Organization-ExpirationStartTime04 Dec 2024 15:39:42.5165
                X-MS-Exchange-Organization-ExpirationStartTimeReasonOriginalSubmit
                X-MS-Exchange-Organization-ExpirationInterval1:00:00:00.0000000
                X-MS-Exchange-Organization-ExpirationIntervalReasonOriginalSubmit
                X-MS-Exchange-Organization-Network-Message-Id27038335-f50e-4705-8549-08dd1479df39
                X-EOPAttributedMessage0
                X-EOPTenantAttributedMessagedbcf5543-63e3-46f0-99c1-ff8b22e4521a:0
                X-MS-Exchange-Organization-MessageDirectionalityIncoming
                X-MS-Exchange-Transport-CrossTenantHeadersStrippedAMS0EPF000001B1.eurprd05.prod.outlook.com
                X-MS-PublicTrafficTypeEmail
                X-MS-Exchange-Organization-AuthSourceAMS0EPF000001B1.eurprd05.prod.outlook.com
                X-MS-Exchange-Organization-AuthAsAnonymous
                X-MS-Office365-Filtering-Correlation-Id-Prvsa1ae08d4-561f-4540-5a2b-08dd1479dcb3
                X-MS-Exchange-AtpMessagePropertiesSA|SL
                X-MS-Exchange-Organization-SCL1
                X-Microsoft-AntispamBCL:0;ARA:13230040|35042699022|5063199012|5073199012|4073199012|22003199012|8096899003;
                X-Forefront-Antispam-ReportCIP:18.185.115.174;CTRY:DE;LANG:it;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:inpost.tmes.trendmicro.eu;PTR:inpost.tmes.trendmicro.eu;CAT:NONE;SFS:(13230040)(35042699022)(5063199012)(5073199012)(4073199012)(22003199012)(8096899003);DIR:INB;
                X-MS-Exchange-CrossTenant-OriginalArrivalTime04 Dec 2024 15:39:42.4228
                X-MS-Exchange-CrossTenant-Network-Message-Id27038335-f50e-4705-8549-08dd1479df39
                X-MS-Exchange-CrossTenant-Iddbcf5543-63e3-46f0-99c1-ff8b22e4521a
                X-MS-Exchange-CrossTenant-AuthSourceAMS0EPF000001B1.eurprd05.prod.outlook.com
                X-MS-Exchange-CrossTenant-AuthAsAnonymous
                X-MS-Exchange-CrossTenant-FromEntityHeaderInternet
                X-MS-Exchange-Transport-EndToEndLatency00:00:04.4009242
                X-MS-Exchange-Processed-By-BccFoldering15.20.8207.017
                X-Microsoft-Antispam-Mailbox-Deliveryucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003);
                X-Microsoft-Antispam-Message-Info=?us-ascii?Q?qJVMJw7B/D5ef8lM9aE8z959Vq6n6DTR9kf1XEMhgnaubBtXymtVgH7cvA90?=
                dateWed, 04 Dec 2024 16:39:38 +0100

                File Icon

                Icon Hash:c4e1928eacb280a2