Windows Analysis Report
FREYGAEDE.eml

Overview

General Information

Sample name: FREYGAEDE.eml
Analysis ID: 1500778
MD5: aa8708c9c6bbad6424ab35c93fbec9b4
SHA1: 3c2d0ffeeaebb6413f7f53900a3a4ad48af623ad
SHA256: b548f168f69c4f308696845c36901ed9fdbf6ef08750e66ba7dd6c28fc146102
Infos:

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

HTML body contains low number of good links
HTML title does not match URL
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6708 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\FREYGAEDE.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 3020 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "B1749A24-A6CD-41D6-AC32-8C04BD1C3E7F" "888B9B2B-F958-41AB-939A-461386112555" "6708" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 396 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://cancccu-my.sharepoint.com/personal/helpdesk1_candccu_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fhelpdesk1_candccu_com%2FDocuments%2FVIEW%20AND%20PRINT&ga=1 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 2912 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1840,i,7564462004324365870,9867988661473277000,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6708, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched

There are no malicious signatures.

Source: https://login.microsoftonline.com/ad4733b3-8e20-45c6-a70c-cc544cbccfa5/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=056A8F4E3831E1E9D3AFD6BDBC094513C7F7DE9C15F7C1BF%2D913A6957DE3064055B89D395EF61B4DAFC021E8508B0178D8BA45629503A7D05&redirect%5Furi=https%3A%2F%2Fcancccu%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=02ce4aa1%2Da076%2D6000%2D582d%2Da2bdff5b968c
  HTTP Parser: Number of links: 0
  HTTP Parser: Title: Redirecting does not match URL
  HTTP Parser: No favicon
  HTTP Parser: No <meta name="author".. found
  HTTP Parser: No <meta name="copyright".. found
Source: https://login.microsoftonline.com/ad4733b3-8e20-45c6-a70c-cc544cbccfa5/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=056A8F4E3831E1E9D3AFD6BDBC094513C7F7DE9C15F7C1BF%2D913A6957DE3064055B89D395EF61B4DAFC021E8508B0178D8BA45629503A7D05&redirect%5Furi=https%3A%2F%2Fcancccu%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=02ce4aa1%2Da076%2D6000%2D582d%2Da2bdff5b968c&sso_reload=true
  HTTP Parser: Number of links: 0
  HTTP Parser: Title: Sign in to your account does not match URL
  HTTP Parser: <input type="password" .../> found
  HTTP Parser: No <meta name="author".. found
  HTTP Parser: No <meta name="copyright".. found
Source: chrome.exe; Memory has grown: Private usage: 1MB later: 29MB
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown; TCP traffic detected without corresponding DNS query: 40.126.31.69
Source: global traffic; DNS traffic detected: DNS query: cancccu-my.sharepoint.com
Source: global traffic; DNS traffic detected: DNS query: login.microsoftonline.com
Source: global traffic; DNS traffic detected: DNS query: www.google.com
Source: global traffic; DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic; DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: classification engine; Classification label: clean2.winEML@18/40@12/65
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240828T1634150390-6708.etl
Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\FREYGAEDE.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "B1749A24-A6CD-41D6-AC32-8C04BD1C3E7F" "888B9B2B-F958-41AB-939A-461386112555" "6708" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://cancccu-my.sharepoint.com/personal/helpdesk1_candccu_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fhelpdesk1_candccu_com%2FDocuments%2FVIEW%20AND%20PRINT&ga=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1840,i,7564462004324365870,9867988661473277000,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\InProcServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Window found: window name: SysTabControl32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 12 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Extra Window Memory Injection | 1 Extra Window Memory Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |

No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| dual-spo-0005.spo-msedge.net | 13.107.136.10 | true | false | | unknown |
| sni1gl.wpc.omegacdn.net | 152.199.21.175 | true | false | | unknown |
| www.google.com | 216.58.206.68 | true | false | | unknown |
| s-part-0032.t-0009.t-msedge.net | 13.107.246.60 | true | false | | unknown |
| cancccu-my.sharepoint.com | unknown | unknown | false | | unknown |
| identity.nel.measure.office.net | unknown | unknown | false | | unknown |
| aadcdn.msftauth.net | unknown | unknown | false | | unknown |
| login.microsoftonline.com | unknown | unknown | false | | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://login.microsoftonline.com/ad4733b3-8e20-45c6-a70c-cc544cbccfa5/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=056A8F4E3831E1E9D3AFD6BDBC094513C7F7DE9C15F7C1BF%2D913A6957DE3064055B89D395EF61B4DAFC021E8508B0178D8BA45629503A7D05&redirect%5Furi=https%3A%2F%2Fcancccu%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=02ce4aa1%2Da076%2D6000%2D582d%2Da2bdff5b968c&sso_reload=true | false | | unknown |
| https://login.microsoftonline.com/ad4733b3-8e20-45c6-a70c-cc544cbccfa5/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=056A8F4E3831E1E9D3AFD6BDBC094513C7F7DE9C15F7C1BF%2D913A6957DE3064055B89D395EF61B4DAFC021E8508B0178D8BA45629503A7D05&redirect%5Furi=https%3A%2F%2Fcancccu%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=02ce4aa1%2Da076%2D6000%2D582d%2Da2bdff5b968c | false | | unknown |
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 13.107.136.10 | dual-spo-0005.spo-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 74.125.133.84 | unknown | United States | 15169 | GOOGLEUS | false |
| 172.217.16.206 | unknown | United States | 15169 | GOOGLEUS | false |
| 20.42.65.94 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 13.107.246.60 | s-part-0032.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 52.109.32.39 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 2.19.126.224 | unknown | European Union | 16625 | AKAMAI-ASUS | false |
| 216.58.206.68 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 20.190.160.14 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 2.19.126.143 | unknown | European Union | 16625 | AKAMAI-ASUS | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 52.109.89.19 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 152.199.21.175 | sni1gl.wpc.omegacdn.net | United States | 15133 | EDGECASTUS | false |
| 40.126.31.69 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
| 142.250.186.74 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.250.186.99 | unknown | United States | 15169 | GOOGLEUS | false |
                      IP
                      192.168.2.16
                      Joe Sandbox version:40.0.0 Tourmaline
                      Analysis ID:1500778
                      Start date and time:2024-08-28 22:33:42 +02:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:defaultwindowsinteractivecookbook.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:17
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • EGA enabled
                      Analysis Mode:stream
                      Analysis stop reason:Timeout
                      Sample name:FREYGAEDE.eml
                      Detection:CLEAN
                      Classification:clean2.winEML@18/40@12/65
                      Cookbook Comments:
                      • Found application associated with file extension: .eml
                      • Exclude process from analysis (whitelisted): dllhost.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe
                      • Excluded IPs from analysis (whitelisted): 93.184.221.240, 184.28.90.27
                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wu.azureedge.net, e16604.g.akamaiedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net
                      • Not all processes were analyzed, report is missing behavior information
                      • Report size getting too big, too many NtQueryValueKey calls found.
                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                      • VT rate limit hit for: FREYGAEDE.eml
                      InputOutput
                      URL: Email Model: jbxai
                      {
                      "brand":["fg"],
                      "contains_trigger_text":false,
                      "prominent_button_name":"unknown",
                      "text_input_field_labels":["unknown"],
                      "pdf_icon_visible":false,
                      "has_visible_captcha":false,
                      "has_urgent_text":false,
                      "has_visible_qrcode":false}
                      URL: https://login.microsoftonline.com/ad4733b3-8e20-45c6-a70c-cc544cbccfa5/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D0000000 Model: jbxai
                      {
                      "brand":["Microsoft"],
                      "contains_trigger_text":false,
                      "prominent_button_name":"Sign in",
                      "text_input_field_labels":["Email, phone, or Skype","Can't access your account?"],
                      "pdf_icon_visible":false,
                      "has_visible_captcha":false,
                      "has_urgent_text":false,
                      "has_visible_qrcode":false}
                      URL: https://login.microsoftonline.com/ad4733b3-8e20-45c6-a70c-cc544cbccfa5/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D0000000 Model: jbxai
                      {
                      "phishing_score":1,
                      "brand_name":"Microsoft",
                      "reasons":"The URL and domain name are consistent with the identified brand, and the design and layout of the webpage are typical of a legitimate login page for Microsoft's online services. The presence of a search bar and footer links also suggests a legitimate and user-friendly interface."}
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):231348
                      Entropy (8bit):4.391542649513935
                      Encrypted:false
                      SSDEEP:
                      MD5:863FC17AD7AD72B5932526724565F44F
                      SHA1:763665311B38B2A1FE5C779EF581F39FA27E69B8
                      SHA-256:DA470E9FDEB0497470D8A0FB1E28204321E3EE663A942B407AC9B5A5D8B8BF06
                      SHA-512:859A72DF7A8BB7751F0ECEB8AFD6CAE21C32F37B572B0D8593A6B99D7F775730F620B48C79E0E99A4FF0FD788D067B6ECFE8350542B4D0ABB2CE52AC4767B1BB
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators
                      Category:modified
                      Size (bytes):1869
                      Entropy (8bit):5.085595127633389
                      Encrypted:false
                      SSDEEP:
                      MD5:B3BB3D9E421C9F365B969E721400F593
                      SHA1:640A449D1C18A14E09A852A81EAAEBAFB2C17F63
                      SHA-256:41A0C640F744D8495102C88648C82C7A917A1EE08E7C0BFD90AAF60F4255D5E0
                      SHA-512:9FE5BC233DF02784B4A9A3C09D2A433D55B8F8061F816D7F38C6A4A59E4812ACF1B068BB5065B83F33EE21F3EC5496F9C88C2A93486F73BD5CDAFA61FE951FC1
                      Malicious:false
                      Reputation:unknown
                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><root><version>1</version><Count>12</Count><Resource><Id>Aptos_26215680</Id><LAT>2024-08-28T20:34:16Z</LAT><key>29939506207.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos_45876480</Id><LAT>2024-08-28T20:34:16Z</LAT><key>27160079615.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_26215424</Id><LAT>2023-10-06T09:25:29Z</LAT><key>31558910439.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215680</Id><LAT>2023-10-06T09:25:29Z</LAT><key>23001069669.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_45876224</Id><LAT>2023-10-06T09:25:29Z</LAT><key>24153076628.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_45876480</Id><LAT>2023-10-06T09:25:29Z</LAT><key>30264859306.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos_
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:ASCII text, with very long lines (65536), with no line terminators
                      Category:dropped
                      Size (bytes):322260
                      Entropy (8bit):4.000299760592446
                      Encrypted:false
                      SSDEEP:
                      MD5:CC90D669144261B198DEAD45AA266572
                      SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                      SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                      SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:ASCII text, with no line terminators
                      Category:dropped
                      Size (bytes):10
                      Entropy (8bit):2.4464393446710155
                      Encrypted:false
                      SSDEEP:
                      MD5:A2F9165EF018761E6B31599DAE47516E
                      SHA1:8CF4D0C0C4D51652BB4E9EA94CCFA39B3E91CB35
                      SHA-256:DD9735DA1B2ADCCDC0693C0AD559017B11BF8F66EBB3207A0D1950F784F702CD
                      SHA-512:515D2F0737A953B7E50280580BD5A13E38E0381EEE979CFBDEDE2BA2CED4C5272410365D364D8624AF9B943C053E9496F7ECE6A5405F82122005A13D95DD1D34
                      Malicious:false
                      Reputation:unknown
                      Preview:1724877258
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:SQLite 3.x database, last written using SQLite version 3034001, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                      Category:dropped
                      Size (bytes):4096
                      Entropy (8bit):0.09304735440217722
                      Encrypted:false
                      SSDEEP:
                      MD5:D0DE7DB24F7B0C0FE636B34E253F1562
                      SHA1:6EF2957FDEDDC3EB84974F136C22E39553287B80
                      SHA-256:B6DC74E4A39FFA38ED8C93D58AADEB7E7A0674DAC1152AF413E9DA7313ADE6ED
                      SHA-512:42D00510CD9771CE63D44991EA10C10C8FBCF69DF08819D60B7F8E7B0F9B1D385AE26912C847A024D1D127EC098904784147218869AE8D2050BCE9B306DB2DDE
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:SQLite Rollback Journal
                      Category:dropped
                      Size (bytes):4616
                      Entropy (8bit):0.13758003262114013
                      Encrypted:false
                      SSDEEP:
                      MD5:E5152FFDDCF9D48A8E28667BC02A1555
                      SHA1:DB9F3A298459110227C469386854F0E7EE9FC321
                      SHA-256:8EA1FF9E24CDC0E3BC740D4E04943F1567317210BCB464D43ECBFAF3CE30613C
                      SHA-512:8AA558EF38D5CB238CA4881943CC1D0C899605D959A67B377A45589E4A3AE3F59D482164740A25E96CAA53CBF58CEB4CFDCF6FB1BAA8F2805950CD0FD5317670
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):32768
                      Entropy (8bit):0.0446603401158491
                      Encrypted:false
                      SSDEEP:
                      MD5:2BC0AD3ED16FB83C535039B367BB13E7
                      SHA1:9BB0EDED410BEAD0A0BC98E6243465FA2E1C2294
                      SHA-256:7732B536210E89776888BB71C3DC4CD17121ABAEBD981BDE9BDACE933F91E918
                      SHA-512:24D831092CFD13547FA5C3BF1173360D15332B084C97CAC118F31229660B2FF756E3C91F3551B432745A30776ACFCA9B658FB3823EA95604486F45F04439C175
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:SQLite Write-Ahead Log, version 3007000
                      Category:modified
                      Size (bytes):45352
                      Entropy (8bit):0.3949086656881072
                      Encrypted:false
                      SSDEEP:
                      MD5:E2A4C476FB6951B2676DEBD5A2A21031
                      SHA1:D56924B556D32B57985972FEF5294540244B52F6
                      SHA-256:622D9C50C5F53A0476B43715BB86811438BCEEA2213BAA8B11F17D796101D178
                      SHA-512:3FB40342146345FE298E06FBF19111B9721EA2C55C1A0C04EF87EC48D5F597F07901D64AD4C459FA4BFF4C5C04E5CB860CA4749C9C2CBE176635AE6FDC8ADB31
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:PNG image data, 129 x 47, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):9138
                      Entropy (8bit):7.97534750650146
                      Encrypted:false
                      SSDEEP:
                      MD5:D456640609408FE1FAFB652D1617DB14
                      SHA1:9C8D371215A1521F00DF6F74977B7AEA94F7F2B7
                      SHA-256:85EB69546211D646DFE36D80F981CF83A4525F0C2B8FB283496D854B684D8E8B
                      SHA-512:BDA64E7E52E6D5CCCC6C1005D1131FF851982479C4E6A2389FB904F2F3855642CD0ABC1D14E03FF38B01D75C90D9257BFA4EDB158961DE5C00E905E40486C2FE
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:PNG image data, 34 x 34, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):1685
                      Entropy (8bit):7.877636276264286
                      Encrypted:false
                      SSDEEP:
                      MD5:6F8A6198B01E77A5F8F5AA5089A90E6C
                      SHA1:B4875204F73DBB1657D1C4675DDB79A16056D9A2
                      SHA-256:A8C97B925436D0F4B45012D960584BEF33AA2BABAA4F9B903DA9232B035BC73B
                      SHA-512:962D52B6344DA68FB7E2857F555C58FC9AC4A6559272BC6737048FFDEDF112C5205BEFA6988B350B70640217039AB294C54DA5C89960387630B45D2E88755E88
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:PNG image data, 81 x 41, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):5483
                      Entropy (8bit):7.953020434855075
                      Encrypted:false
                      SSDEEP:
                      MD5:8BC43D8EF4A220C921806C5544D86F37
                      SHA1:0A1AD9DD27C15B092725B10763481F56BEB48975
                      SHA-256:381509210596D26FEA7B75FDA7E20D37734A8A8CE65BA5A7E7269F8C3658402C
                      SHA-512:3A1E5EE72FD25DA08A4F9BD3A89E31627F84E5FE74B08D20802F1AFA12EA59557B0E5E01BF5D83EED98CD9A3C814069F8904868C0EF4BF8604EBF115A0A6A3A5
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:PNG image data, 280 x 108, 8-bit/color RGBA, non-interlaced
                      Category:dropped
                      Size (bytes):36698
                      Entropy (8bit):7.984757874098246
                      Encrypted:false
                      SSDEEP:
                      MD5:22A42F386CD2E7B5899A1A8352D0AE77
                      SHA1:8118E07D744D7405FD28AFC6A873D067DEB05E71
                      SHA-256:8499E066956F4DA8D2809345790FE4A613C6E74DC3F377DA89814BF3F7137DA9
                      SHA-512:C97B7180A447A57E96B87DAEA91142ACD1E900EB634765D1EE67CA2AB893AC5BC7ECB4F6397BD97AD2DE4D07F32F599681AAA343666B367D3C1B6187793FFE3A
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):8500
                      Entropy (8bit):3.032297921468752
                      Encrypted:false
                      SSDEEP:
                      MD5:F2F636BA28B372DB0CA7B574E9E4BEDE
                      SHA1:3F4DA7334C4D5FC23ABB0A7CC57994BE70EBD3CD
                      SHA-256:8A516FA8EB169E5075D521F16C4274F140A745A94A732C00D52C6386E23E6FBC
                      SHA-512:C6E111ED148DF044E0995BE6FC6A38D76297D78B675BD46A71A25B175BB8B1B4658392DDBFCB2733E3957C9E41F85137561D1E5DD1C307D5BD1C9E5BB6207778
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:ASCII text, with very long lines (28756), with CRLF line terminators
                      Category:dropped
                      Size (bytes):20971520
                      Entropy (8bit):0.1801422421118843
                      Encrypted:false
                      SSDEEP:
                      MD5:69F617D84D4CF31ED28162C297D04F5A
                      SHA1:957FD71494E63907DB9E08129EA8F6C471AD1AA9
                      SHA-256:DE378053E60C044099A17DBF50BE88451370854FAA53F77A7F43964D8B58DDA6
                      SHA-512:A398CF0E966874F3D1304893423A9E463663C3E91765B8D221048553897E63F9A0A831CD3C646DA7DA8D83E403A0BB9530915685666E7FFB408DD2178726A53B
                      Malicious:false
                      Reputation:unknown
                      Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..08/28/2024 20:34:15.629.OUTLOOK (0x1A34).0x1A1C.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":25,"Time":"2024-08-28T20:34:15.629Z","Contract":"Office.System.Activity","Activity.CV":"xI97xtFDmUiiAfyaW6XQ2A.4.11","Activity.Duration":12,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...08/28/2024 20:34:15.645.OUTLOOK (0x1A34).0x1A1C.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":27,"Time":"2024-08-28T20:34:15.645Z","Contract":"Office.System.Activity","Activity.CV":"xI97xtFDmUiiAfyaW6XQ2A.4.12","Activity.Duration":9646,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorV
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):20971520
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:
                      MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                      SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                      SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                      SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:modified
                      Size (bytes):106496
                      Entropy (8bit):4.519089510343924
                      Encrypted:false
                      SSDEEP:
                      MD5:EE69274F992A559512F5F57ECA982483
                      SHA1:2E93299F5E2148DF73ECAAECCFAE734ED62EE01D
                      SHA-256:14A5A9CF3695E54FA13607D2AEAC0182F947AE5D0CD6D2AB7D8951761CC80247
                      SHA-512:F0E2261F25F9A9DB4142601C142A3EDC3C49839BA44BF99BD6C696DD7AF3C8C140F73007F6DD6FAC39120A0E24B2DD347EDFB67D685E3902A32794E27964328A
                      Malicious:false
                      Reputation:unknown
                      Preview:............................................................................`.......4.....!.....................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1................................................................Y............!.............v.2._.O.U.T.L.O.O.K.:.1.a.3.4.:.f.9.9.4.2.2.3.3.6.e.e.9.4.5.d.a.a.0.4.4.6.c.d.4.1.2.7.a.f.f.c.2...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.0.8.2.8.T.1.6.3.4.1.5.0.3.9.0.-.6.7.0.8...e.t.l.......P.P.....4.....!.............................................................................................................................................................................................................................................................................................................
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):30
                      Entropy (8bit):1.2389205950315936
                      Encrypted:false
                      SSDEEP:
                      MD5:C966C95D703217E47FFDAF4368179A61
                      SHA1:7976797D6A202A740665E30A6007C79A87855512
                      SHA-256:F316962F73CCC36CC67F30EEDF303098B6A1E4F49E362B3861D8B763E4FAE296
                      SHA-512:047A7C0773875E370F7EC61DCEA24D7E1F622F9F83614092DDE1B5D3DC4E5A670C133052D086786CE113EF230DFBD47B363FAC3FABBD38A9685065867364F09C
                      Malicious:false
                      Reputation:unknown
                      Preview:....q.........................
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:Composite Document File V2 Document, Cannot read section info
                      Category:dropped
                      Size (bytes):16384
                      Entropy (8bit):0.6700628936508772
                      Encrypted:false
                      SSDEEP:
                      MD5:124E72A5233C89EEFF1243F56D3A7AB8
                      SHA1:3B14A2AD9C9BC5350EAD3A24E5BC6D8552E7BA93
                      SHA-256:153020346E279F2500DAF8FCCF9DD3B8395A5F8EF49A747FF2EBB18A66B4F38B
                      SHA-512:9DDAB2CE3A71DB6DAD915BA327B35209C929D8DEED99ED697871DF5330C71881559324D55A31E515C2972C408983D813B41D88E026B371B1FB16CC182446BD83
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):14
                      Entropy (8bit):2.699513850319966
                      Encrypted:false
                      SSDEEP:
                      MD5:C5A12EA2F9C2D2A79155C1BC161C350C
                      SHA1:75004B4B6C6C4EE37BE7C3FD7EE4AF4A531A1B1A
                      SHA-256:61EC0DAA23CBC92167446DADEFB919D86E592A31EBBD0AB56E64148EBF82152D
                      SHA-512:B3D5AF7C4A9CB09D27F0522671503654D06891740C36D3089BB5CB21E46AB235B0FA3DC2585A383B9F89F5C6DAE78F49F72B0AD58E6862DE39F440C4D6FF460B
                      Malicious:false
                      Reputation:unknown
                      Preview:..c.a.l.i.....
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 28 19:35:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2673
                      Entropy (8bit):3.986047075668687
                      Encrypted:false
                      SSDEEP:
                      MD5:FD003A1C51B9B5FAD79AE42E74DCC54E
                      SHA1:1A4659BA9D15594194DBCFC2D1EA6C6E1B85DA8C
                      SHA-256:E3BE4E9B4898EF1ED3237F288BE8F960B2F8781AEFBC116CBD29475B57D7CC1D
                      SHA-512:A4758E3D2B38623426F63C2D926418C2E0EE410C73AB279E729C52998F0B4D0E369D0D9B3EDB043EB764151BCD7847BF2672DAD08C04B73459F3D8DA0C5861DE
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 28 19:35:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2675
                      Entropy (8bit):4.000098488808496
                      Encrypted:false
                      SSDEEP:
                      MD5:06838DF673DF9FC82ADBE19FBE6C5705
                      SHA1:25A4630F5997446DF02DC5E3EE70A65EA1D8BDF5
                      SHA-256:665AD2015EF7ECB02A461C4F763D49E5A6DD3C6C11885B71C251A2B609ECA4F7
                      SHA-512:0ADFF18C6D0F995F2C8389637FC862DCA3F7019D01982E5F73FA131C8E4283F8363847414D99E70029D5B5B45357FE9B65414C90A9BCDEA00B78DD74E0AD1409
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2689
                      Entropy (8bit):4.007165287579684
                      Encrypted:false
                      SSDEEP:
                      MD5:98C5243C44FFA1C49B11C59381B92D45
                      SHA1:4EDAAEC325EE38D97F9AFACB60EDA9096C5DB42C
                      SHA-256:5E4FC5DE50728DF3E9DE2CDD09CFBE2D83A3B060DD714EFC5FD32139E20385CF
                      SHA-512:5D17C1B2AF97EAE62A530AED9BB5D2F4A2882ACA08424D6ED212710546AA5DA05BFB9CF031E5592B57E05A9399490C8C663D0728D1AE38BDAD9D27258C04512A
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 28 19:35:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2677
                      Entropy (8bit):4.00103494122499
                      Encrypted:false
                      SSDEEP:
                      MD5:7ECA71C76F7375E628D2BDF9A3C9B0D9
                      SHA1:61F43F643E2448CEA47164D3DA27DFB1A8BA644C
                      SHA-256:295CB8471A1E87DCD241A4A0B20828E8BE6A6F64C2429D48C0973039504F8D53
                      SHA-512:CECB733FBB4E47807CD9B685DBAEFE2507C3D00C9EAD13B2FFE926A7EC85506A99B25ABDD85409F0E3CAF36B76ED58B188B7DB428C8A52FA72825E180C538FF3
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 28 19:35:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2677
                      Entropy (8bit):3.9874407762940267
                      Encrypted:false
                      SSDEEP:
                      MD5:028A458D748CED0CCE7197ABCB0F4390
                      SHA1:B9535428DCB0D13492F97FD7DC7DF6E0D69FC152
                      SHA-256:232BF043DE3376D585B25076893B43D3BAC2F1C7855B113B5FF5EDF717673FEE
                      SHA-512:36D117EBB5630D5335F9769C03905EE142ECD8C7F487E36747E4884E760E463EEC89646A726E76A6EC77C7E01315AF492D9E12BC4C47331137F59244CD41F42C
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 28 19:35:26 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2679
                      Entropy (8bit):3.9954528705861128
                      Encrypted:false
                      SSDEEP:
                      MD5:B1C15D372CF8450DD974BE8AD2150C0E
                      SHA1:AA48AF9B2708E10F31F9AA0CACD35C3A431BD51A
                      SHA-256:EFAD06A11167BB9DE20063E3F672A4F65F52063F993AE4E7EE34DCB562415F41
                      SHA-512:DE2680DCDE6F34DA619EA4D6AB95D41EA1EE46FDBD31ED18760553CD2FDA72B620832F00BBE53D94CFAF5BF41F8BBE08B3C0E24836EB2426942544B3ACEF8C41
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:Microsoft Outlook email folder (>=2003)
                      Category:dropped
                      Size (bytes):271360
                      Entropy (8bit):4.281476104043671
                      Encrypted:false
                      SSDEEP:
                      MD5:DCF591047DFE940FB35C7DEF8818AA4F
                      SHA1:999279F3F2CF6C880C98B9F1ABD7D6C88A1527A7
                      SHA-256:6A1509389A9DC6D48821EA887E8E95206E982DFDC8DDAC7641EE824C65DD08D7
                      SHA-512:1EBBF1F35E35160268B039FC57C9A5117A1927544E274A1AA87942088C591711D72E54C7D00660EF31CE8DF7DDE29934951348ECAB02FB15FEF3C6ABC9DDB0F4
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):131072
                      Entropy (8bit):5.620199080059348
                      Encrypted:false
                      SSDEEP:
                      MD5:B46F760E725C32F97B2CEB5AD63F33E9
                      SHA1:4BF258D18FD45C13204C6EC21FF2EBD69E0760B4
                      SHA-256:AFE0F7C32651DC66C542C51F772C67F5738BBDA63DAE7F5AA28F93ECB4B45001
                      SHA-512:AFE01A384B5ECEF577E7B6102E3826C76FA14A07F61F6DFA5DC023D6B1A0FA568BE25A41F91F129A651E669FBC39A3A122D69DC530AEE59AB27F53BEDAC8C9D5
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (64616)
                      Category:dropped
                      Size (bytes):449540
                      Entropy (8bit):5.448887818381794
                      Encrypted:false
                      SSDEEP:
                      MD5:D8FF67E1334DAD67202B05BA32DEAD18
                      SHA1:7AAA398BA53310D793E4BB28E6D5F118EF342254
                      SHA-256:4DC06BDE66FF69C3CD7A67B5745C329571334A98ED7AF7C356241CFED32FA6D2
                      SHA-512:67A56439845499BD65D1EDED96298FC6C3EEE99022861EC16AFD9E5D2BC7F94239CA0DD08C54A0C65B057625E59BE6362CBF74D7A97FCBEFE0F9AC88B2FE713E
                      Malicious:false
                      Reputation:unknown
                      Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */!function(e){function n(n){for(var t,i,o=n[0],r=n[1],s=0,c=[];s<o.length;s++)
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (61177)
                      Category:downloaded
                      Size (bytes):113401
                      Entropy (8bit):5.284985933216009
                      Encrypted:false
                      SSDEEP:
                      MD5:41955034BB6BC6963DF5A8ECA72C5B81
                      SHA1:D4B9E8C46100BDDACE8DFA08BDFF1F6F3D3B0A81
                      SHA-256:1F8CEB44FE7CFCF7E71DBD5122210335CA3821D697A851D2900B95AF7D92D69D
                      SHA-512:A52DF8961AC9964DE5202A52B4C38242368DC8898593BF3E8B3AFD3FC77C2C12FE72F27BB410DD4F7498643B69EEEFCCA1A566371E211F874C0BE22CF7E2A4E8
                      Malicious:false
                      Reputation:unknown
                      URL:https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_qzvqnltrxpy99ajspyxbgq2.css
                      Preview:/*! Copyright (C) Microsoft Corporation. All rights reserved. *//*!.------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------..This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise...//-----------------------------------------------------------------------------.twbs-bootstrap-sass (3.3.0).//-----------------------------------------------------------------------------..The MIT License (MIT)..Copyright (c) 2013 Twitter, Inc..Permission is hereby granted, free of charge, to any person
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (45797)
                      Category:downloaded
                      Size (bytes):406986
                      Entropy (8bit):5.317614623419193
                      Encrypted:false
                      SSDEEP:
                      MD5:033A93064FBF6C5BEA2377A5D08D554D
                      SHA1:75524ED095D9ACDD42EA8D67D38A5B0793081D70
                      SHA-256:1EC87632EE58734951AA02813EF07AD377126A39A16F063C181519B98FFFFC07
                      SHA-512:FD93A5DDF2CCE4AA956DF94E10F3791787E157BA8D6CFF8151163F719868105045F431901D496215E5959989A30969AC696C218B29B0AE343F2BF9E7F7D51078
                      Malicious:false
                      Reputation:unknown
                      URL:https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_6c7dc46bb93924417b57.js
                      Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp||[]).push([[8],Array(532).concat([f
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:Unicode text, UTF-8 text, with very long lines (32057)
                      Category:dropped
                      Size (bytes):56391
                      Entropy (8bit):5.37635913975141
                      Encrypted:false
                      SSDEEP:
                      MD5:B59C16ABA59DB0BC490C85B30C0B60E8
                      SHA1:7B708EC7EDC902283A755FC0BF4E767A2A28473E
                      SHA-256:D65E2644BEA71489D43203AA2ABCBA471C847BF2A176963BE8DB62BF1A70F7A5
                      SHA-512:F7E252E5B6046AFB46658F542233D7E1602C2638089B6BF4E1490643770A28D3DF1FFCB587699B82FD8E821495D69780E160EA8B7065519EEA8B34C98F4817AA
                      Malicious:false
                      Reputation:unknown
                      Preview:!function(e){function o(n){if(i[n])return i[n].exports;var t=i[n]={exports:{},id:n,loaded:!1};return e[n].call(t.exports,t,t.exports,o),t.loaded=!0,t.exports}var i={};return o.m=e,o.c=i,o.p="",o(0)}([function(e,o,i){i(2);var n=i(1),t=i(5),r=i(6),a=r.StringsVariantId,s=r.AllowedIdentitiesType;n.registerSource("str",function(e,o){if(e.WF_STR_SignupLink_AriaLabel_Text="Create a Microsoft account",e.WF_STR_SignupLink_AriaLabel_Generic_Text="Create a new account",e.CT_STR_CookieBanner_Link_AriaLabel="Learn more about Microsoft's Cookie Policy",e.WF_STR_HeaderDefault_Title=o.iLoginStringsVariantId===a.CombinedSigninSignupV2WelcomeTitle?"Welcome":"Sign in",e.STR_Footer_IcpLicense_Text=".ICP.13015306.-10",o.oAppCobranding&&o.oAppCobranding.friendlyAppName){var i=o.fBreakBrandingSigninString?"to continue to {0}":"Continue to {0}";e.WF_STR_App_Title=t.format(i,o.oAppCobranding.friendlyAppName)}switch(o.oAppCobranding&&o.oAppCobranding.signinDescription&&(e.WF_STR_Default_Desc=o.oAppCobrand
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (65536), with no line terminators
                      Category:dropped
                      Size (bytes):190152
                      Entropy (8bit):5.348678574819375
                      Encrypted:false
                      SSDEEP:
                      MD5:4877EFC88055D60953886EC55B04DE34
                      SHA1:2341B026A3E2A3B01AFA1A39D1706840D75E09B3
                      SHA-256:8405362EB8F09DF13AE244DE155B51B1577274673D9728B6C81CD0278A63C8B0
                      SHA-512:625844EDC37594D5C2F7622BD1B59278BF68ABB2FA22476C56826433C961C7B1924858A7588F8B6284D3C5AC8738ECB895EEC949DE18667A98C04A59CB03DAC0
                      Malicious:false
                      Reputation:unknown
                      Preview:(window.telemetry_webpackJsonp=window.telemetry_webpackJsonp||[]).push([[2],[,,,function(e,t,n){"use strict";n.r(t),n.d(t,"ValueKind",(function(){return r.e})),n.d(t,"EventLatency",(function(){return r.a})),n.d(t,"EventPersistence",(function(){return r.b})),n.d(t,"TraceLevel",(function(){return r.d})),n.d(t,"AppInsightsCore",(function(){return i.a})),n.d(t,"BaseCore",(function(){return d})),n.d(t,"_ExtendedInternalMessageId",(function(){return r.f})),n.d(t,"EventPropertyType",(function(){return r.c})),n.d(t,"ESPromise",(function(){return g})),n.d(t,"ESPromiseScheduler",(function(){return C})),n.d(t,"ValueSanitizer",(function(){return I})),n.d(t,"NotificationManager",(function(){return E.a})),n.d(t,"BaseTelemetryPlugin",(function(){return S.a})),n.d(t,"ProcessTelemetryContext",(function(){return N.a})),n.d(t,"MinChannelPriorty",(function(){return w.a})),n.d(t,"EventsDiscardedReason",(function(){return P.a})),n.d(t,"DiagnosticLogger",(function(){return c.a})),n.d(t,"LoggingSeverity",(fun
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 141866
                      Category:dropped
                      Size (bytes):49804
                      Entropy (8bit):7.994672288751266
                      Encrypted:true
                      SSDEEP:
                      MD5:6DE768A4DF1E0D0061CDB52EF06346C4
                      SHA1:3829A667B97668008023DDA98F4C0772174C8EF6
                      SHA-256:58732EEE2ED9091F4F5776DC8A8A14116CBE5A2BA1CCDA0256896BAB08A52128
                      SHA-512:CC6966D2C2B43E762750102E734DA6B88D7BFB92DDB5D482EE25029337D95E997466E83001586F2B63DAEE890B5F3188E8EC0F1B084D5EB67CFEA55EDDFAD47D
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:HTML document, ASCII text, with very long lines (3450), with CRLF line terminators
                      Category:downloaded
                      Size (bytes):3452
                      Entropy (8bit):5.117912766689607
                      Encrypted:false
                      SSDEEP:
                      MD5:CB06E9A552B197D5C0EA600B431A3407
                      SHA1:04E167433F2F1038C78F387F8A166BB6542C2008
                      SHA-256:1F4EDBD2416E15BD82E61BA1A8E5558D44C4E914536B1B07712181BF57934021
                      SHA-512:1B4A3919E442EE4D2F30AE29B1C70DF7274E5428BCB6B3EDD84DCB92D60A0D6BDD9FA6D9DDE8EAB341FF4C12DE00A50858BF1FC5B6135B71E9E177F5A9ED34B9
                      Malicious:false
                      Reputation:unknown
                      URL:https://login.live.com/Me.htm?v=3
                      Preview:<script type="text/javascript">!function(t,e){for(var s in e)t[s]=e[s]}(this,function(t){function e(n){if(s[n])return s[n].exports;var i=s[n]={exports:{},id:n,loaded:!1};return t[n].call(i.exports,i,i.exports,e),i.loaded=!0,i.exports}var s={};return e.m=t,e.c=s,e.p="",e(0)}([function(t,e){function s(t){for(var e=f[S],s=0,n=e.length;s<n;++s)if(e[s]===t)return!0;return!1}function n(t){if(!t)return null;for(var e=t+"=",s=document.cookie.split(";"),n=0,i=s.length;n<i;n++){var a=s[n].replace(/^\s*(\w+)\s*=\s*/,"$1=").replace(/(\s+$)/,"");if(0===a.indexOf(e))return a.substring(e.length)}return null}function i(t,e,s){if(t)for(var n=t.split(":"),i=null,a=0,r=n.length;a<r;++a){var c=null,S=n[a].split("$");if(0===a&&(i=parseInt(S.shift()),!i))return;var l=S.length;if(l>=1){var p=o(i,S[0]);if(!p||s[p])continue;c={signInName:p,idp:"msa",isSignedIn:!0}}if(l>=3&&(c.firstName=o(i,S[1]),c.lastName=o(i,S[2])),l>=4){var f=S[3],d=f.split("|");c.otherHashedAliases=d}if(l>=5){var h=parseInt(S[4],16);h&&(c.
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:SVG Scalable Vector Graphics image
                      Category:downloaded
                      Size (bytes):1864
                      Entropy (8bit):5.222032823730197
                      Encrypted:false
                      SSDEEP:
                      MD5:BC3D32A696895F78C19DF6C717586A5D
                      SHA1:9191CB156A30A3ED79C44C0A16C95159E8FF689D
                      SHA-256:0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
                      SHA-512:8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
                      Malicious:false
                      Reputation:unknown
                      URL:https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
                      Preview:<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:SVG Scalable Vector Graphics image
                      Category:dropped
                      Size (bytes):3651
                      Entropy (8bit):4.094801914706141
                      Encrypted:false
                      SSDEEP:
                      MD5:EE5C8D9FB6248C938FD0DC19370E90BD
                      SHA1:D01A22720918B781338B5BBF9202B241A5F99EE4
                      SHA-256:04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
                      SHA-512:C77215B729D0E60C97F075998E88775CD0F813B4D094DC2FDD13E5711D16F4E5993D4521D0FBD5BF7150B0DBE253D88B1B1FF60901F053113C5D7C1919852D58
                      Malicious:false
                      Reputation:unknown
                      Preview:<svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0,0,1,.419-.967,1.413,1.413,0,0,1,1-.39,1.392,1.392,0,0,1,1.02.4,1.3,1.3,0,0,1,.4.958,1.248,1.248,0,0,1-.414.953,1.428,1.428,0,0,1-1.01.385A1.4,1.4,0,0,1,47.25,6.6a1.261,1.261,0,0,1-.409-.948M49.41,18.4H47.081V8.507H49.41Zm7.064-1.694a3.213,3.213,0,0,0,1.145-.241,4.811,4.811,0,0,0,1.155-.635V18a4.665,4.665,0,0,1-1.266.481,6.886,6.886,0,0,1-1.554.164,4.707,4.707,0,0,1-4.918-4.908,5.641,5.641,0,0,1,1.4-3.932,5.055,5.055,0,0,1,3.955-1.545,5.414,5.414,0,0,1,1.324.168,4.431,4.431,0,0,1,1.063.39v2.233a4.763,4.763,0,0,0-1.1-.611,3.184,3.184,0,0,0-1.15-.217,2.919,2.919,0,0,0-2.223.9,3.37,3.37,0,0,0-.847,2.416,3.216,3.216,0,0,0,.813,2.338,2.936,2.936,0,0,0,2.209.837M65.4,8.343a2.952,2.952,0,0,1,.5.039,2.1,2.1,0,0,1,.375.1v2.358a2.04,2.04,0,0,0-.
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (64612)
                      Category:dropped
                      Size (bytes):113769
                      Entropy (8bit):5.4928592467688535
                      Encrypted:false
                      SSDEEP:
                      MD5:21FB66A712FCAB3BF6667404C78631D6
                      SHA1:6011F3E397AEB5B807EB6BE1A08ABFD302E9D253
                      SHA-256:BAB311BF22661B153353A159F0EC931DBCB79F950FA37DAF9D0FF180CBF45DEB
                      SHA-512:CD310A2C00DB5E273091F45308227CC6CA5131767823C356013AAD5EB515E75048317C4E5A793955CFBC93CE015BAFB89463066ABF0E31870AF93076E98F2586
                      Malicious:false
                      Reputation:unknown
                      Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp||[]).push([[37],{1372:function(e,t,
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                      Category:downloaded
                      Size (bytes):17174
                      Entropy (8bit):2.9129715116732746
                      Encrypted:false
                      SSDEEP:
                      MD5:12E3DAC858061D088023B2BD48E2FA96
                      SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                      SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                      SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                      Malicious:false
                      Reputation:unknown
                      URL:https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:SVG Scalable Vector Graphics image
                      Category:dropped
                      Size (bytes):1592
                      Entropy (8bit):4.205005284721148
                      Encrypted:false
                      SSDEEP:
                      MD5:4E48046CE74F4B89D45037C90576BFAC
                      SHA1:4A41B3B51ED787F7B33294202DA72220C7CD2C32
                      SHA-256:8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
                      SHA-512:B2BBA2A68EDAA1A08CFA31ED058AFB5E6A3150AABB9A78DB9F5CCC2364186D44A015986A57707B57E2CC855FA7DA57861AD19FC4E7006C2C239C98063FE903CF
                      Malicious:false
                      Reputation:unknown
                      Preview:<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><defs><style>.a{fill:none;}.b{fill:#404040;}</style></defs><rect class="a" width="48" height="48"/><path class="b" d="M40,32.578V40H32V36H28V32H24V28.766A10.689,10.689,0,0,1,19,30a10.9,10.9,0,0,1-5.547-1.5,11.106,11.106,0,0,1-2.219-1.719A11.373,11.373,0,0,1,9.5,24.547a10.4,10.4,0,0,1-1.109-2.625A11.616,11.616,0,0,1,8,19a10.9,10.9,0,0,1,1.5-5.547,11.106,11.106,0,0,1,1.719-2.219A11.373,11.373,0,0,1,13.453,9.5a10.4,10.4,0,0,1,2.625-1.109A11.616,11.616,0,0,1,19,8a10.9,10.9,0,0,1,5.547,1.5,11.106,11.106,0,0,1,2.219,1.719A11.373,11.373,0,0,1,28.5,13.453a10.4,10.4,0,0,1,1.109,2.625A11.616,11.616,0,0,1,30,19a10.015,10.015,0,0,1-.125,1.578,10.879,10.879,0,0,1-.359,1.531Zm-2,.844L27.219,22.641a14.716,14.716,0,0,0,.562-1.782A7.751,7.751,0,0,0,28,19a8.786,8.786,0,0,0-.7-3.5,8.9,8.9,0,0,0-1.938-2.859A9.269,9.269,0,0,0,22.5,10.719,8.9,8.9,0,0,0,19,10a8.786,8.786,0,0,0-3.5.7,8.9,8.9,0,0,0-2.859,1.938A9.269,9.269,0,0,0,
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with no line terminators
                      Category:downloaded
                      Size (bytes):36
                      Entropy (8bit):4.503258334775644
                      Encrypted:false
                      SSDEEP:
                      MD5:06B313E93DD76909460FBFC0CD98CB6B
                      SHA1:C4F9B2BBD840A4328F85F54873C434336A193888
                      SHA-256:B4532478707B495D0BB1C21C314AEF959DD1A5E0F66E52DAD5FC332C8B697CBA
                      SHA-512:EFD7E8195D9C126883C71FED3EFEDE55916848B784F8434ED2677DF5004436F7EDE9F80277CB4675C4DEB8F243B2705A3806B412FAA8842E039E9DC467C11645
                      Malicious:false
                      Reputation:unknown
                      URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISFwmCAmly1gHbXRIFDdFbUVISBQ1Xevf9?alt=proto
                      Preview:ChgKDQ3RW1FSGgQIVhgCIAEKBw1Xevf9GgA=
                      File type:RFC 822 mail, ASCII text, with very long lines (857), with CRLF line terminators
                      Entropy (8bit):6.149129831235002
                      TrID:
                      • E-Mail message (Var. 5) (54515/1) 100.00%
                      File name:FREYGAEDE.eml
                      File size:84'173 bytes
                      MD5:aa8708c9c6bbad6424ab35c93fbec9b4
                      SHA1:3c2d0ffeeaebb6413f7f53900a3a4ad48af623ad
                      SHA256:b548f168f69c4f308696845c36901ed9fdbf6ef08750e66ba7dd6c28fc146102
                      SHA512:7f2bf8edab526b3cd4a4dc267bc83e7b7f9685daabee7277144315394df9f67b6de216265ca3834b2e20f49d1e787328119674238a610004c6f3bb3bd7a83bb4
                      SSDEEP:1536:I2VFYcoHdEqmL8zBJh2BUGx9Ocb9UcYppwAEzo1KzfTtu0hPCB:IndwW/2BjOflwAEQSZuc6B
                      TLSH:36830274CC0E1C538BDAA3FAE4A9D6916CA4490EE912E814B1A0E4C6FC4F9D5677F1C3
                      File Content Preview:Received: from SN7PR11MB8025.namprd11.prod.outlook.com (2603:10b6:806:2dc::19).. by SN6PR11MB2992.namprd11.prod.outlook.com with HTTPS; Wed, 28 Aug 2024.. 17:26:45 +0000..Received: from SN6PR11MB2992.namprd11.prod.outlook.com (2603:10b6:805:d4::11).. by S
                      Subject:FREYGAEDE
                      From:Ben Bostic <ben.bostic@fg1948.com>
                      To:Ben Bostic <ben.bostic@fg1948.com>
                      Cc:
                      BCC:
                      Date:Wed, 28 Aug 2024 17:26:41 +0000
                      Communications:
                      • FREYGAEDE Inc is excited to announce a Request for Quotation for our latest innovative project. We invite you to submit your proposal and confirm your availability for the specified scope of work. If you have any questions, please dont hesitate to reach out to me. RFQ: #RFQ-595 FG1948-INC-3<https://cancccu-my.sharepoint.com/personal/helpdesk1_candccu_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fhelpdesk1_candccu_com%2FDocuments%2FVIEW%20AND%20PRINT&ga=1> Please be aware that the deadline for this RFQ is Monday, September 2nd, 2024, at 3:00 PM. To acknowledge receipt of RFQ #RFQ-595 FG1948-INC-3<https://cancccu-my.sharepoint.com/personal/helpdesk1_candccu_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fhelpdesk1_candccu_com%2FDocuments%2FVIEW%20AND%20PRINT&ga=1> please reply to this email so I can send you all the necessary documents. Thank you, Thank you, Ben Ben Bostic Manufacturer Representative Central & South Florida Email: ben.bostic@fg1948.com<mailto:jack.frey@fg1948.com> Web: freygaede.com<http://www.freygaede.com/> Connect: <https://www.linkedin.com/in/jack-t-frey/> To access MRL My Resource Library click below <https://myresourcelibrary.com/CRG/BenBostic>
                      Attachments:
                      • image001.png
                      • image002.png
                      • image003.png
                      • image004.png
                      Key Value
                      Received:from SN6PR11MB2992.namprd11.prod.outlook.com ([fe80::f68f:7ff1:74f8:e962]) by SN6PR11MB2992.namprd11.prod.outlook.com ([fe80::f68f:7ff1:74f8:e962%3]) with mapi id 15.20.7875.018; Wed, 28 Aug 2024 17:26:41 +0000
                      From:Ben Bostic <ben.bostic@fg1948.com>
                      To:Ben Bostic <ben.bostic@fg1948.com>
                      Subject:FREYGAEDE
                      Thread-Topic:FREYGAEDE
                      Thread-Index:Adr5aTb1KtssUXFqQYewl6Yh0uwsLw==
                      X-MS-Exchange-MessageSentRepresentingType:1
                      Date:Wed, 28 Aug 2024 17:26:41 +0000
                      Message-ID:<SN6PR11MB2992540F0A555D34CE1560DBF7952@SN6PR11MB2992.namprd11.prod.outlook.com>
                      Accept-Language:en-US
                      Content-Language:en-US
                      X-MS-Exchange-Organization-AuthMechanism:04
                      X-MS-Exchange-Organization-AuthSource:SN6PR11MB2992.namprd11.prod.outlook.com
                      X-MS-Has-Attach:yes
                      X-MS-Exchange-Organization-Network-Message-Id:530f0932-cb9e-4326-0d56-08dcc78694da
                      X-MS-Exchange-Organization-SCL:1
                      X-MS-TNEF-Correlator:
                      X-MS-Exchange-Organization-RecordReviewCfmType:0
                      x-ms-publictraffictype:Email
                      x-microsoft-antispam-message-info:
                      x-microsoft-antispam-mailbox-delivery:ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(425001)(930097)(140003);
                      Content-Type:multipart/related; boundary="_007_SN6PR11MB2992540F0A555D34CE1560DBF7952SN6PR11MB2992namp_"; type="multipart/alternative"
                      MIME-Version:1.0

                      Icon Hash:46070c0a8e0c67d6