
Windows Analysis Report
[EXT] Completed_ AGI Approved and sign REF ID_nYhOPxd2qF.eml

Overview

General Information

Sample name:[EXT] Completed_ AGI Approved and sign REF ID_nYhOPxd2qF.eml
Analysis ID:1528453
MD5:49ca0dad0a1956802cfcf71500a5ac77
SHA1:acda77f37b1f9cf496575119c4d6acfa1b65fd0c
SHA256:ad7dbdcedd5aa5010684d51e6e41f754fbe49dc352ccfe18fe83d290d3e550ac
Infos:

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6812 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\[EXT] Completed_ AGI Approved and sign REF ID_nYhOPxd2qF.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 7044 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "D386C27C-B643-4BFA-A125-32E547E05042" "D45FE278-9BCA-4476-8615-77D5B9ADC2E8" "6812" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 6340 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://url.avanan.click/v2/r01/___https:/www.tiktok.com/qnspdA7?fni=6cbb&qfsl=js&xhjsj=gnt_zwq&yfwljy=myyux:ddBBB.lttlqj.hfdzwq?v=frudxdxlqwif.htrd.iwtlt___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzoxZWJhNTM5MDhjODJhZTYyM2M5MDM3ZjkwZTI3ZjliZjo3OmUzYTI6MjUxYmEwYmY4MzRlNGZkNWNiNzBlNGJiNmNiNGQwZTMxZDYzMWE0ZGZkZmVmYWQ0MmJkNGQxNGZjNzZiYzQ0MTpoOlQ6VA#amltLmFudHVzaEB3aWViLmNvbQ== MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
      • chrome.exe (PID: 5672 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1852,i,4383564031882658972,16943079318321361674,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 6740 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://url.avanan.click/v2/r01/___https:/www.tiktok.com/qnspdA7?fni=6cbb&qfsl=js&xhjsj=gnt_zwq&yfwljy=myyux:ddBBB.lttlqj.hfdzwq?v=frudxdxlqwif.htrd.iwtlt___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzoxZWJhNTM5MDhjODJhZTYyM2M5MDM3ZjkwZTI3ZjliZjo3OmUzYTI6MjUxYmEwYmY4MzRlNGZkNWNiNzBlNGJiNmNiNGQwZTMxZDYzMWE0ZGZkZmVmYWQ0MmJkNGQxNGZjNzZiYzQ0MTpoOlQ6VA#amltLmFudHVzaEB3aWViLmNvbQ== MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
      • chrome.exe (PID: 7288 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=2032,i,4167341096173087679,6356925187378897322,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 8092 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://url.avanan.click/v2/r01/___https:/www.tiktok.com/qnspdA7?fni=6cbb&qfsl=js&xhjsj=gnt_zwq&yfwljy=myyux:ddBBB.lttlqj.hfdzwq?v=frudxdxlqwif.htrd.iwtlt___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzoxZWJhNTM5MDhjODJhZTYyM2M5MDM3ZjkwZTI3ZjliZjo3OmUzYTI6MjUxYmEwYmY4MzRlNGZkNWNiNzBlNGJiNmNiNGQwZTMxZDYzMWE0ZGZkZmVmYWQ0MmJkNGQxNGZjNzZiYzQ0MTpoOlQ6VA#amltLmFudHVzaEB3aWViLmNvbQ== MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
      • chrome.exe (PID: 7224 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2028,i,18062965042598414588,16563409028818996091,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup
No yara matches
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6812, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched


Source: https://www.google.ca/url?q=https://sglrda.com/.drogo#amltLmFudHVzaEB3aWViLmNvbQ==HTTP Parser: No favicon
Source: unknownHTTPS traffic detected: 20.190.160.22:443 -> 192.168.2.17:49705 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.17:49706 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.190.160.22:443 -> 192.168.2.17:49713 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49738 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49744 version: TLS 1.2
Source: chrome.exeMemory has grown: Private usage: 1MB later: 31MB
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.160.22
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.13
Source: global trafficDNS traffic detected: DNS query: url.avanan.click
Source: global trafficDNS traffic detected: DNS query: www.tiktok.com
Source: global trafficDNS traffic detected: DNS query: www.google.ca
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: sglrda.com
Source: global trafficDNS traffic detected: DNS query: google.com
Source: classification engineClassification label: clean1.winEML@37/25@24/89
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241007T1646090915-6812.etl
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\[EXT] Completed_ AGI Approved and sign REF ID_nYhOPxd2qF.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "D386C27C-B643-4BFA-A125-32E547E05042" "D45FE278-9BCA-4476-8615-77D5B9ADC2E8" "6812" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://url.avanan.click/v2/r01/___https:/www.tiktok.com/qnspdA7?fni=6cbb&qfsl=js&xhjsj=gnt_zwq&yfwljy=myyux:ddBBB.lttlqj.hfdzwq?v=frudxdxlqwif.htrd.iwtlt___.YXAzOnNvdXRoZXJua2l0Y2hlbmFuZGdyaWxsOmE6bzoxZWJhNTM5MDhjODJhZTYyM2M5MDM3ZjkwZTI3ZjliZjo3OmUzYTI6MjUxYmEwYmY4MzRlNGZkNWNiNzBlNGJiNmNiNGQwZTMxZDYzMWE0ZGZkZmVmYWQ0MmJkNGQxNGZjNzZiYzQ0MTpoOlQ6VA#amltLmFudHVzaEB3aWViLmNvbQ==
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1852,i,4383564031882658972,16943079318321361674,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=2032,i,4167341096173087679,6356925187378897322,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=2028,i,18062965042598414588,16563409028818996091,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
MITRE ATT&CK Matrix (a leading number is the count of matched signatures for that technique):

Tactic | Techniques
Reconnaissance | Gather Victim Identity Information | Credentials | Email Addresses | Employee Names
Resource Development | Acquire Infrastructure | Domains | DNS Server | Virtual Private Server
Initial Access | Valid Accounts | Default Accounts | Domain Accounts | Local Accounts
Execution | Windows Management Instrumentation | Scheduled Task/Job | At | Cron
Persistence | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | Logon Script (Windows) | Login Hook
Privilege Escalation | 1 Process Injection | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 1 Extra Window Memory Injection
Defense Evasion | 1 Masquerading | 1 Process Injection | 1 DLL Side-Loading | 1 Extra Window Memory Injection
Credential Access | OS Credential Dumping | LSASS Memory | Security Account Manager | NTDS
Discovery | 1 Process Discovery | 12 System Information Discovery | Query Registry | System Network Configuration Discovery
Lateral Movement | Remote Services | Remote Desktop Protocol | SMB/Windows Admin Shares | Distributed Component Object Model
Collection | Data from Local System | Data from Removable Media | Data from Network Shared Drive | Input Capture
Command and Control | 2 Encrypted Channel | 1 Non-Application Layer Protocol | 2 Application Layer Protocol | Protocol Impersonation
Exfiltration | Exfiltration Over Other Network Medium | Exfiltration Over Bluetooth | Automated Exfiltration | Traffic Duplication
Impact | Abuse Accessibility Features | Network Denial of Service | Data Encrypted for Impact | Data Destruction

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
google.com | 142.250.186.46 | true | false | | unknown
www.google.ca | 216.58.212.131 | true | false | | unknown
d3bl0rsvnw97mw.cloudfront.net | 108.138.7.20 | true | false | | unknown
www.google.com | 142.250.185.100 | true | false | | unknown
sglrda.com | unknown | unknown | false | | unknown
url.avanan.click | unknown | unknown | false | | unknown
www.tiktok.com | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://www.google.ca/url?q=https://sglrda.com/.drogo#amltLmFudHVzaEB3aWViLmNvbQ== | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
142.250.185.78 | unknown | United States | 15169 | GOOGLEUS | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
216.58.212.131 | www.google.ca | United States | 15169 | GOOGLEUS | false
108.138.7.20 | d3bl0rsvnw97mw.cloudfront.net | United States | 16509 | AMAZON-02US | false
2.19.126.68 | unknown | European Union | 16625 | AKAMAI-ASUS | false
142.250.185.100 | www.google.com | United States | 15169 | GOOGLEUS | false
74.125.206.84 | unknown | United States | 15169 | GOOGLEUS | false
8.8.8.8 | unknown | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
2.19.126.151 | unknown | European Union | 16625 | AKAMAI-ASUS | false
52.182.143.210 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
52.109.89.19 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
142.250.186.131 | unknown | United States | 15169 | GOOGLEUS | false
142.250.184.227 | unknown | United States | 15169 | GOOGLEUS | false
184.28.90.27 | unknown | United States | 16625 | AKAMAI-ASUS | false

IP
192.168.2.17
                  Joe Sandbox version:41.0.0 Charoite
                  Analysis ID:1528453
                  Start date and time:2024-10-07 22:45:34 +02:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:defaultwindowsinteractivecookbook.jbs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:24
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • EGA enabled
                  Analysis Mode:stream
                  Analysis stop reason:Timeout
                  Sample name:[EXT] Completed_ AGI Approved and sign REF ID_nYhOPxd2qF.eml
                  Detection:CLEAN
                  Classification:clean1.winEML@37/25@24/89
                  Cookbook Comments:
                  • Found application associated with file extension: .eml
                  • Exclude process from analysis (whitelisted): dllhost.exe, TextInputHost.exe
                  • Excluded IPs from analysis (whitelisted): 52.113.194.132, 184.28.90.27
                  • Excluded domains from analysis (whitelisted): ecs.office.com, fs.microsoft.com, s-0005.s-msedge.net, e16604.g.akamaiedge.net, ecs.office.trafficmanager.net, s-0005-office.config.skype.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, ecs-office.s-0005.s-msedge.net
• Not all processes were analyzed; the report is missing behavior information
                  • Report size getting too big, too many NtQueryAttributesFile calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.
                  • VT rate limit hit for: [EXT] Completed_ AGI Approved and sign REF ID_nYhOPxd2qF.eml
Input | Output
URL: Email Model: jbxai
{
"brand":["Microsoft"],
"contains_trigger_text":true,
"trigger_text":"AP@wieb.com has sent you a protected message.",
"prominent_button_name":"Read the message",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"text":"CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.",
"has_visible_qrcode":false}
URL: https://www.google.ca/url?q=https://sglrda.com/.drogo#amltLmFudHVzaEB3aWViLmNvbQ== Model: jbxai
{
"brand":[],
"contains_trigger_text":false,
"trigger_text":"",
"prominent_button_name":"unknown",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"text":"The previous page is sending you to https://sglrda.com/ drogo. If you do not want to visit that page, you can return to the previous page.",
"has_visible_qrcode":false}
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):231348
                  Entropy (8bit):4.376299385505383
                  Encrypted:false
                  SSDEEP:
                  MD5:5C2803B8AE372B69E1662A1061072573
                  SHA1:3B1E6E24FDC41AA994D6C5A0D8A9E8F999456A7D
                  SHA-256:914FA2F37994545613CA20A35BC0809FEBFD7DA9125D291E11E9FC6799590E45
                  SHA-512:6F9308C2E8CA237A4BEC1488D8C0B0552057827694F769571B6720708A7FEBD26EA50FD23642C8618EBD350EBBABBB0B6BDB271D23C6EB0A9AABC32E30B17078
                  Malicious:false
                  Reputation:unknown
                  Preview:TH02...... .``..........SM01X...,...................IPM.Activity...........h...............h............H..h..s.....\......h.........E..H..h\tor ...AppD...h...0....s....h...t...........h........_`.k...h...t@...I.+w...h....H...8..k...0....T...............d.........2h...............k..............!h.............. hB.15......s...#h....8.........$h.E......8....."h(.............'h..............1h...t<.........0h....4.....k../h....h......kH..hp...p.....s...-h .......4.s...+hD..t......s......... ...... ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:XML 1.0 document, ASCII text, with very long lines (2139), with no line terminators
                  Category:dropped
                  Size (bytes):2139
                  Entropy (8bit):5.071900774959723
                  Encrypted:false
                  SSDEEP:
                  MD5:C54FC3F6669BC4CE01EB7FC3E16CA68A
                  SHA1:A425425ABDD856B1F84322D6B5DBAFE006861F58
                  SHA-256:21F168C2A25A616055B15AD1CF0D0F42DA6E9903A85E0CA7C1A68F57FBADA443
                  SHA-512:5DF1A26190C654B6B201671F3B6D03E4F3B2C449AFD37B4C1C585B32F5AC660144950D250354258B1A8A458E243C1E0E71C56457E4F72565E87F02D9FA4F0A16
                  Malicious:false
                  Reputation:unknown
                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><root><version>1</version><Count>14</Count><Resource><Id>Aptos_26215680</Id><LAT>2023-10-06T09:55:52Z</LAT><key>29939506207.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos_45876480</Id><LAT>2023-10-06T09:55:52Z</LAT><key>27160079615.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215680</Id><LAT>2023-10-06T09:55:52Z</LAT><key>23001069669.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_26215426</Id><LAT>2023-10-06T09:55:52Z</LAT><key>37262344671.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215682</Id><LAT>2023-10-06T09:55:52Z</LAT><key>28367963232.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_45876224</Id><LAT>2023-10-06T09:55:52Z</LAT><key>24153076628.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos_
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:TrueType Font data, 16 tables, 1st "GPOS", 30 names, Macintosh, Copyright (c) 2011-2015 by tyPoland Lukasz Dziedzic (http://www.typoland.com/) with Reserved Fon
                  Category:dropped
                  Size (bytes):656544
                  Entropy (8bit):6.544527043014445
                  Encrypted:false
                  SSDEEP:
                  MD5:79203A1947440EDE448A384841980E3C
                  SHA1:A3A53A436BAAF6DC2E7A05F05866A761C214692B
                  SHA-256:8A0AACE75D33794EECE4B28187BFC1DF0BBD2888B5D8A56E01788C8D65D16BE1
                  SHA-512:097CD16A3A037B4257FC02B4C5EFE1ACA0B316AB96BB73FFB59ABA243B32A45E0CFD1D760C7C4C238C4CF949E22BCE22A67C757556314F1147DB76798022919B
                  Malicious:false
                  Reputation:unknown
                  Preview:............GPOS.u....$..4.GSUBl..x...4..$lOS/2k..........`cmapP.....1$....cvt <.....R ....fpgm......E.....gasp............glyf..r}...H....head.C.........6hhea...n...D...$hmtx^JN......./<loca,.....S.../@maxp...w...h... nameJ.....h....post.6.c....... prepo.i:..Qd............P..._.<...........y.....a.c.J.........................V.....J.......................................P.`.w.............g.......x.......x.......c.2................P......!....tyPL.........V.....W .............. ...F.*.........m...k...J...%...+.M.+.M.........~...~...l.....K.........Q...Q.f.[...[......./.......b...........P.K.P.K.s.M.........P.L.....I...I.........*.........m...6...=.........(...1...1.S.3.o.z...C...C.;.C...C...C...C.o.E.o.E.p.G.u.@.,.B.,.B...).K.)...).U.).D.)...)...*...*...*...*...*...*...*...*...*.9.*.8.).8.*.8.*.8.*.8.*.8.*.8.*.9.*...*.9.*...)...*...*.O.)...)...*. .1.o.E.h.z.h...h.....`...B.....-.U.........-.z.-.z...'...}...z.h.z.h.z.}.C.|.1...C.p.z.p.z.o.E...z.o.1.o.1.`.1.a.1...z.[.*..."...!...$.~."
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:ASCII text, with very long lines (65536), with no line terminators
                  Category:dropped
                  Size (bytes):322260
                  Entropy (8bit):4.000299760592446
                  Encrypted:false
                  SSDEEP:
                  MD5:CC90D669144261B198DEAD45AA266572
                  SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                  SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                  SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                  Malicious:false
                  Reputation:unknown
Preview:51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:ASCII text, with no line terminators
                  Category:modified
                  Size (bytes):10
                  Entropy (8bit):2.446439344671015
                  Encrypted:false
                  SSDEEP:
                  MD5:970066D7060304221CA8D72E85591CF2
                  SHA1:49ADF0FCF0908275324A78DA35100D2502189B41
                  SHA-256:A21B4457C510678DB468271146CB6132D312798247ADF2D77604FB980834F16E
                  SHA-512:FEF921320A35C3DDB7F29CCAFE6C5FF7023402F1602735D05E887B176DB9E97F0103619D9D36F4825A3130ED6A8B4D71755E44F05F0F885DD54C4649DA0BD77A
                  Malicious:false
                  Reputation:unknown
                  Preview:1728333972
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:SQLite 3.x database, last written using SQLite version 3034001, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                  Category:dropped
                  Size (bytes):4096
                  Entropy (8bit):0.09304735440217722
                  Encrypted:false
                  SSDEEP:
                  MD5:D0DE7DB24F7B0C0FE636B34E253F1562
                  SHA1:6EF2957FDEDDC3EB84974F136C22E39553287B80
                  SHA-256:B6DC74E4A39FFA38ED8C93D58AADEB7E7A0674DAC1152AF413E9DA7313ADE6ED
                  SHA-512:42D00510CD9771CE63D44991EA10C10C8FBCF69DF08819D60B7F8E7B0F9B1D385AE26912C847A024D1D127EC098904784147218869AE8D2050BCE9B306DB2DDE
                  Malicious:false
                  Reputation:unknown
                  Preview:SQLite format 3......@ ..........................................................................K.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:SQLite Rollback Journal
                  Category:dropped
                  Size (bytes):4616
                  Entropy (8bit):0.13298756720797703
                  Encrypted:false
                  SSDEEP:
                  MD5:887F1DA6E93F94EB06614596AD304B48
                  SHA1:CD54A195FF7A5AF7FF41CF48F25028237A033AA5
                  SHA-256:D805D06472BAEDB3A90AA4E4CC1DF0FB95FB874D7117EBCF81FCE21506172F63
                  SHA-512:0DDCEE6EB60A846C8E517307A69225519A883F5207BB2C4691A427FD346CD517EC89E072DB5F00345A838FCF0A954B2262A8ECF459F424521BEB7B56589B076D
                  Malicious:false
                  Reputation:unknown
                  Preview:.... .c........T....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ ..........................................................................K.................................................................................................................................................................................................................................................................................................................................................................................................
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):32768
                  Entropy (8bit):0.04424805450170338
                  Encrypted:false
                  SSDEEP:
                  MD5:863B3F8BB9E653462165DAF84800AE48
                  SHA1:EB24C09606B825A1E569E956A87680BA99FC2EF7
                  SHA-256:C81CA78BF2C7316EE3C546478693836930537B0E3112774DD8FEE5D7FE6BA788
                  SHA-512:A6A6DE13C5B2BDB49F83F332790D1F9FD91EDA42B8D72D06FC8642D0EB0B3CE52C437FB79D414A74E3F39D5AECBD8CC42B9ABC6E5BDFDC2E3D2ABE044E24EC24
                  Malicious:false
                  Reputation:unknown
                  Preview:..-......................-y.)3..K..n............-......................-y.)3..K..n..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:SQLite Write-Ahead Log, version 3007000
                  Category:dropped
                  Size (bytes):45352
                  Entropy (8bit):0.3935854263624153
                  Encrypted:false
                  SSDEEP:
                  MD5:120EE6D8A5E9CA3D60DF931412D21B6D
                  SHA1:68F2F0F375B512657ADB0DCA1400508745012405
                  SHA-256:6D53529D414F8CD471DF1CEA1D4D5014A8A02647C3244E2A55560CC19D8777D8
                  SHA-512:40A2C0126605E46DE09C50E58889A70EDECB84B7AEBC08F6FADA5B31ECAA8CD5E220EFB34252F11341031C5587437A7F512A0F98502038DE57761808A9441F9F
                  Malicious:false
                  Reputation:unknown
                  Preview:7....-...........K..n.....N+K.E>.........K..n.....c.."..SQLite format 3......@ ..........................................................................K.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):3004
                  Entropy (8bit):2.7990859620056785
                  Encrypted:false
                  SSDEEP:
                  MD5:D4343F5422A4C78905E1C84582594FC0
                  SHA1:9AFCA28738B7BE92E936F55540248E28650FC530
                  SHA-256:A1F58F4AEC7D89F420C36B19EFF948C69F2154DE3F9ED699B44FF380DCB458C1
                  SHA-512:467DD7027146FC406CE31720664E75E04EC6C14B5B6A3CEF11022E19FDE3557B478CF07F8C70D04C1B4DEE77972862274B79DE7D2DAEB0BCB2D39D758271C221
                  Malicious:false
                  Reputation:unknown
                  Preview:....C.A.U.T.I.O.N.:. .......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................<...h............................................................................................................................................................................................................................................................................................................................................................................................................$.a$....-D`.M.............#..$d....%d....&d....'d....N...Z).....O...Z).....
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:ASCII text, with very long lines (28744), with CRLF line terminators
                  Category:dropped
                  Size (bytes):20971520
                  Entropy (8bit):0.16651122621425146
                  Encrypted:false
                  SSDEEP:
                  MD5:7E8E347F4052523EA00F0558640A1ACF
                  SHA1:CD18AAF4F5C86C18AA6D4B862005BE07D00641E2
                  SHA-256:FD4AB9921621EEC97B989E4DD69243A1CC88A87D2DECBF2DF9B5713D47F1083D
                  SHA-512:25897B8968D03F23AEE9D902F42CC87D6D8B59F1F7BB50D723B794A6D7930BC53B0CA5183493A66C90856939087325BA099265821EEA93F6BB304E653BC0AA3B
                  Malicious:false
                  Reputation:unknown
                  Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/07/2024 20:46:10.170.OUTLOOK (0x1A9C).0x1AA0.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":25,"Time":"2024-10-07T20:46:10.170Z","Contract":"Office.System.Activity","Activity.CV":"YguR6HO2HUWQbkQ6n78dyQ.4.11","Activity.Duration":13,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...10/07/2024 20:46:10.186.OUTLOOK (0x1A9C).0x1AA0.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":27,"Time":"2024-10-07T20:46:10.186Z","Contract":"Office.System.Activity","Activity.CV":"YguR6HO2HUWQbkQ6n78dyQ.4.12","Activity.Duration":12322,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajor
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):20971520
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                  SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                  SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                  SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:modified
                  Size (bytes):102400
                  Entropy (8bit):4.504121109082451
                  Encrypted:false
                  SSDEEP:
                  MD5:4A80A46901C3506A2273EE0451453AF5
                  SHA1:B74457E495B5A061C30C26FBA19EE214E7D88E09
                  SHA-256:96A809B029A7C53E662CAA712A63742F740A7587DAF9DB02B1D1066FFE904691
                  SHA-512:EF0885E44D9E84C4ADE96FCE30F2AC2EBA55A76C967E599A2E9E925EA9CB689CFE7B2DB55BDCDC77DAD9FBBC68C24A53A6B0F9B72BE9808E40EE12D69988703B
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):30
                  Entropy (8bit):1.2389205950315936
                  Encrypted:false
                  SSDEEP:
                  MD5:05FD585E869C9577CBFCCB142BF37621
                  SHA1:F04012CBF5F82F66C9352F01446578D965F60CDD
                  SHA-256:3FE269B73D8F077D34471B4B3EB8B0176E81726F61B4286E9AB992D8C64CFF90
                  SHA-512:13F042C3CC035BDE1910B93272245206F1EF0DAF126A6BB5A07D4DF9E02960FBD74E80F05B5237F0136348E947E46FF0957AB74BEE6A736A442E87C644D967A5
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):16384
                  Entropy (8bit):0.6702988582544878
                  Encrypted:false
                  SSDEEP:
                  MD5:3ACB84D16C0FC537B210F97810E688EF
                  SHA1:8ABC34C2795319C1AD1CC4E9D8F0D7636E241B53
                  SHA-256:477AFBAE0474122A23BD6EEA884098C103663B956B36131D936B1B91A9AA126E
                  SHA-512:C890A8FC3E373300F3047005B49513C62B85AE8FCA205354C851E001AFCA64AA4E927767613AF71B81A3BF10EB6934504EA4A4D496AFAE7CD359FCC2BA4CADE2
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 19:46:23 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2677
                  Entropy (8bit):3.995984417153556
                  Encrypted:false
                  SSDEEP:
                  MD5:9D0DBAA95F4434B328209EC62CE22C1A
                  SHA1:9274666090EF3E4439DABDD8BA878D1846D29AD3
                  SHA-256:3A5DC987B1B46A1107CAAA22099A1A3A39E6F760983CA10E5BF8FDCF5CBE22B4
                  SHA-512:177136AC37EA89CC022BB6E04DC9085F26D36A81C4FB221278FE89059E3496FB50D423DE89E96B7C8D8CD5373976AEB706889B5B029AECAC68BA1302E29AEB1F
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 19:46:23 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2679
                  Entropy (8bit):4.011800403939398
                  Encrypted:false
                  SSDEEP:
                  MD5:E25C00021C76BC1E06F5B33B7BEFC779
                  SHA1:6694174F2A67CB6EBCC4B139EE4768389DA29D0B
                  SHA-256:9EBF35C2B86C8B2AC73128B0A6646FBCB2A2084EFDECBFA943019C176B0E813D
                  SHA-512:6B86FA0509358578C48B5B0D393E4306B7F1E3F840337662B1D6FCE1362786831105741CF6380A0ED3CEA41ED1CC9B3FD9E669395CE9B1F9FF433E570537C7F3
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2693
                  Entropy (8bit):4.01820337972282
                  Encrypted:false
                  SSDEEP:
                  MD5:68CEAB1E3B18DC345B31CF58DECC1D9D
                  SHA1:9BB3228D9AE06C4CDC47415334AC2213DAF97EF0
                  SHA-256:F0B4335E48DD825807C80FE335AF689C3A96F1605E42F3C2F2DA4F3BE53527B4
                  SHA-512:9551672A7B5AC5A83C5DB273FABC450EFA05141B63AF795B07A954FB15DBE05E380061713F2D493928AC3FBAEF6F2E44D6BD28FC430ED5052B73139BB5E78C00
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 19:46:23 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2681
                  Entropy (8bit):4.009397330920792
                  Encrypted:false
                  SSDEEP:
                  MD5:EF12EE6032A1112B6C3A15D836169CFB
                  SHA1:1E73751E87D0EC17752DA1C2A250201B10CECE22
                  SHA-256:F574DCE38DC4225147B40BFB0BDB830C22E9DEAF01B4E33652011CCBF408D78B
                  SHA-512:7B356A784F4E0B956E8353B952983135E2B3A997E1F31BBEC528572EB6648407F386635327705283356D57457F31E7877FF0B95A1983219B1AF7E9C7DD90A81E
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 19:46:23 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2681
                  Entropy (8bit):3.999950687617136
                  Encrypted:false
                  SSDEEP:
                  MD5:7FC9A0094F2D96F184A53FB277B8BB1C
                  SHA1:484DE40EFEEE75F4441A43170449E8F8D739EDFD
                  SHA-256:A6134CAA6627C0A83B25490F3F0B0E767167F814837EC5B492A26F09B01A4CC5
                  SHA-512:A1613B2EAF32C6A8DD16C01CE23FF561E5F66BB50E16DFB9894041BBA50D5FF72DCE2F3BE7AB3A9712DC63EB38D8DD8AC23288E303A729B51AFAD10DACB2FB23
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 7 19:46:23 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                  Category:dropped
                  Size (bytes):2683
                  Entropy (8bit):4.010984313511605
                  Encrypted:false
                  SSDEEP:
                  MD5:4BA29626F46558177ED0F569E226E32C
                  SHA1:0793A2D9C13DDE06A1DF205C37D755C3D99C47AE
                  SHA-256:6921B82639BF2E2228C902DC003C69E5C3D4638786E6B35D31AB78BD6836882B
                  SHA-512:7F96E9199FA6F5D9D27AAE39D9A09BE32ACC4A090ED6C297AA0A4D0C3433724128EFA7BFB747469F085D3FA13A7BE92AB2D4DD1E5DE0BBCDFBF6F983ABF0B87C
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:Microsoft Outlook email folder (>=2003)
                  Category:dropped
                  Size (bytes):271360
                  Entropy (8bit):2.921079865577623
                  Encrypted:false
                  SSDEEP:
                  MD5:A8173C78548B0B657463D0A7B19D6835
                  SHA1:AF13F5EA55BF6535F887521BE25ADFC4CF142280
                  SHA-256:14D784316BF1EAF95147233F6AFBCBFBEDAC29582E0464A3F712242B2D70521A
                  SHA-512:4F364F5872980795D360CC5E24E7A67211516D79389F756F5D755834EFCEDDEF028FC3FB4F8BC52E08BBE1C36C8B7FC1C6D37A0BE51177E63841896F12B9DCB9
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):131072
                  Entropy (8bit):3.466183073450759
                  Encrypted:false
                  SSDEEP:
                  MD5:E198ACDE4BF2051B00CBB3DE2E5CAD47
                  SHA1:CD7E5C408B3635DE3992356DB5E01DCEEA3CB9AA
                  SHA-256:63D92605E342042DF54A1843528EC3F642EDF6F8BEC3FD2B1C164993155A6304
                  SHA-512:EAE8606ADB5AEA56EEF165BEFF7647C7809FD3BA1735B1EE9AC7708454395380EA15CC870230E7C0C0B78D859FCCE66A6208E7317DB299FFF1979DE6028D8BDA
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                  Category:dropped
                  Size (bytes):5430
                  Entropy (8bit):3.6534652184263736
                  Encrypted:false
                  SSDEEP:
                  MD5:F3418A443E7D841097C714D69EC4BCB8
                  SHA1:49263695F6B0CDD72F45CF1B775E660FDC36C606
                  SHA-256:6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
                  SHA-512:82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:HTML document, ASCII text, with very long lines (1452), with no line terminators
                  Category:downloaded
                  Size (bytes):1452
                  Entropy (8bit):5.44365858088338
                  Encrypted:false
                  SSDEEP:
                  MD5:B21705165B45933815F11AFDD6046EDA
                  SHA1:EC76CC27068FDE711E64B21B5DFF0F9192462CFD
                  SHA-256:3A093D5EDC1B88E10B452629B5B57878A268729DC9F19931CCC6DFCB829D7659
                  SHA-512:EAA80269647847CBCA7E06E6B6380365C453C858AE305DD99BCA93FD86579DEFB4B1BE8F1889EC4821201AF45044E3CF609097B8900FCABC96ADCD83E277A4E2
                  Malicious:false
                  Reputation:unknown
                  URL:https://www.google.ca/url?q=https://sglrda.com/.drogo
                  Preview:<html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Redirect Notice</title><style>body,div,a{font-family:Roboto,Arial,sans-serif}body{background-color:#fff;margin-top:3px}div{color:#000}a:link{color:#681da8}a:visited{color:#681da8}a:active{color:#ea4335}div.mymGo{border-top:1px solid var(--gS5jXb);border-bottom:1px solid var(--gS5jXb);background:#f8f9fa;margin-top:1em;width:100%}div.aXgaGb{padding:0.5em 0;margin-left:10px}div.fTk7vd{margin-left:35px;margin-top:35px}</style></head><body><div class="mymGo"><div class="aXgaGb"><font style="font-size:larger"><b>Redirect Notice</b></font></div></div><div class="fTk7vd">&nbsp;The previous page is sending you to <a href="https://sglrda.com/.drogo">https://sglrda.com/.drogo</a>.<br><br>&nbsp;If you do not want to visit that page, you can <a href="#" id="tsuid_1">return to the previous page</a>.<script nonce="_0BN5jUq2F0zMVDvoNPZaw">(function(){var id='tsuid_1';(function(){document.getElementById(id).
                  File type:RFC 822 mail, Unicode text, UTF-8 (with BOM) text, with very long lines (425), with CRLF line terminators
                  Entropy (8bit):5.927071156508985
                  TrID:
                  • Text - UTF-8 encoded (3003/1) 100.00%
                  File name:[EXT] Completed_ AGI Approved and sign REF ID_nYhOPxd2qF.eml
                  File size:18'231 bytes
                  MD5:49ca0dad0a1956802cfcf71500a5ac77
                  SHA1:acda77f37b1f9cf496575119c4d6acfa1b65fd0c
                  SHA256:ad7dbdcedd5aa5010684d51e6e41f754fbe49dc352ccfe18fe83d290d3e550ac
                  SHA512:96275eb6eb5f07bb294d305934bbca8f57eca73edc4ab698a6063301293ae74289cf0f1620eeed83ac90eb91042fd2e8c5b4c20cfcb93cfaab9430e19c33fec2
                  SSDEEP:384:xJPr76gvOHndexxVyT9Q1YFJbf89DZ7VPCq:xJTGgvOHdkyhQK7bf89DZ7VKq
                  TLSH:7C823A51EB1128559DD3C2B6FE023F4E63650F6CE76BB290703A81AB068B1E5C77F642
                  File Content Preview:...Received: from MW6PR01MB8598.prod.exchangelabs.com (2603:10b6:303:24b::6) by.. SJ0PR01MB6222.prod.exchangelabs.com with HTTPS; Fri, 4 Oct 2024 20:02:37.. +0000..ARC-Seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass;.. b=m4QV7B5ZaCCE
                  Subject:[EXT] Completed: AGI Approved and sign REF ID:nYhOPxd2qF
                  From:SharePoint Online Notification <noreply@behanbros.com>
                  To:jim.antush@wieb.com
                  Cc:
                  BCC:
                  Date:Fri, 04 Oct 2024 13:02:27 -0700
                  Communications:
                    Attachments:
                      Key Value
                      Received: by mx.zohomail.com with SMTPS id 1728072147586589.3778007486072; Fri, 4 Oct 2024 13:02:27 -0700 (PDT)
                      ARC-Seal: i=1; a=rsa-sha256; t=1728072149; cv=none; d=us.zohomail360.com; s=zohoarc; b=WaV9wpJaQ1boLjmMJ8wKnsoFCcoJQLiXy5etbpYdTjaHDFRvYWb1o5utO7Oq3kPUozNUb4xWqwDiUKDjdqZZOY1NfBexcUylvHBsHcfQSzOp9xngyUuDO268pG13ZiIm0BzCM4As5vSACaqdp5CmHsYiXAuk1wnlSHtycraBbmM=
                      ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=us.zohomail360.com; s=zohoarc; t=1728072149; h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:MIME-Version:Message-ID:Subject:Subject:To:To:Message-Id:Reply-To:Cc; bh=2WtK7N4lHI828D2cYLIo1NCiRzilJiQz1sQPZ69llZk=; b=UKbQUyTYi5F30F8WRGUI7DPMduiXCMgoTe7kgC6j65Soj6gP2SbIKHhjypWfjDnzTBcx2n/6STb9d2YIaDJsbaj/RuYobsSMDUtkIylDESRGqya9p/MAhQhTdEE/aEEHUf6Y2AYFOt+UqhYuaSmBa3Ts4n6uBNLCebDVNCR4+kE=
                      ARC-Authentication-Results: i=1; mx.us.zohomail360.com; dkim=pass header.i=behanbros.com; spf=pass smtp.mailfrom=noreply+93779f10-828b-11ef-9e9c-525400721611_vt1@bounce-zem.behanbros.com; dmarc=pass header.from=<noreply@behanbros.com>
                      Authentication-Results: spf=pass (sender IP is 136.143.188.193) smtp.mailfrom=bounce-zem.behanbros.com; dkim=pass (signature was verified) header.d=behanbros.com;dmarc=pass action=none header.from=behanbros.com;compauth=pass reason=100
                      Received-SPF: Pass (protection.outlook.com: domain of bounce-zem.behanbros.com designates 136.143.188.193 as permitted sender) receiver=protection.outlook.com; client-ip=136.143.188.193; helo=sender4-g7-193.zohomail360.com; pr=C
                      DKIM-Signature: a=rsa-sha256; b=E7VowdCdqLzQmEiYpUHCeGer9NjX8Fx9jGozH8kIzy+WvxHVGwvwTOqfaznC2S5y3gx0Iu+jn9g8w3qFUqm3wmdsDoK6oE7ocMJCQLXc8w/wv2eTt0fLXhSQ9nPQ26CvkyGhu5GDtWzWKXOigjlgsqQiMtCDtVOc5wfNXwYtXKU=; c=relaxed/relaxed; s=2223225; d=behanbros.com; v=1; bh=2WtK7N4lHI828D2cYLIo1NCiRzilJiQz1sQPZ69llZk=; h=date:from:to:message-id:subject:mime-version:content-type:content-transfer-encoding:date:from:to:message-id:subject;
                      Date: Fri, 04 Oct 2024 13:02:27 -0700
                      From: SharePoint Online Notification <noreply@behanbros.com>
                      To: jim.antush@wieb.com
                      Message-ID: <2d6f.1666ed262aa69c30.m1.93779f10-828b-11ef-9e9c-525400721611.19259205b81@bounce-zem.behanbros.com>
                      Subject: [EXT] Completed: AGI Approved and sign REF ID:nYhOPxd2qF
                      Content-Type: text/html
                      Content-Transfer-Encoding: quoted-printable
                      Content-Type-Orig: text/html
                      Content-Transfer-Encoding-Orig: quoted-printable
                      Original-Envelope-Id: 2d6f.1666ed262aa69c30.m1.93779f10-828b-11ef-9e9c-525400721611.19259205b81
                      X-JID: 2d6f.1666ed262aa69c30.s1.93779f10-828b-11ef-9e9c-525400721611.19259205b81
                      TM-MAIL-JID: 2d6f.1666ed262aa69c30.m1.93779f10-828b-11ef-9e9c-525400721611.19259205b81
                      X-App-Message-ID: 2d6f.1666ed262aa69c30.m1.93779f10-828b-11ef-9e9c-525400721611.19259205b81
                      X-Report-Abuse: <mailto:abuse+2d6f.1666ed262aa69c30.m1.93779f10-828b-11ef-9e9c-525400721611.19259205b81@zeptomail.com>
                      Message-ID-Orig: <89c2b47d-3a67-4f71-3a9d-433bf82423e2@behanbros.com>
                      X-ZohoMailClient: External
                      Return-Path: noreply+93779f10-828b-11ef-9e9c-525400721611_vt1@bounce-zem.behanbros.com
                      X-MS-Exchange-Organization-ExpirationStartTime: 04 Oct 2024 20:02:30.6775 (UTC)
                      X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
                      X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
                      X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
                      X-MS-Exchange-Organization-Network-Message-Id: 92def149-11a2-45eb-3169-08dce4af7a95
                      X-EOPAttributedMessage: 0
                      X-EOPTenantAttributedMessage: a445b146-2a78-4930-ad1f-792c9971b2fc:0
                      X-MS-Exchange-Organization-MessageDirectionality: Incoming
                      X-MS-PublicTrafficType: Email
                      X-MS-TrafficTypeDiagnostic: BL6PEPF0002256E:EE_|MW6PR01MB8598:EE_|SJ0PR01MB6222:EE_
                      X-MS-Exchange-Organization-AuthSource: BL6PEPF0002256E.namprd02.prod.outlook.com
                      X-MS-Exchange-Organization-AuthAs: Anonymous
                      X-MS-Office365-Filtering-Correlation-Id: 92def149-11a2-45eb-3169-08dce4af7a95
                      X-MS-Exchange-AtpMessageProperties: SA|SL
                      X-MS-Exchange-Organization-SCL: 1
                      X-Microsoft-Antispam: BCL:0;ARA:13230040|29132699027|30052699003|7062799012;
                      X-Forefront-Antispam-Report: CIP:136.143.188.193;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:sender4-g7-193.zohomail360.com;PTR:sender4-g7-193.zohomail360.com;CAT:NONE;SFS:(13230040)(29132699027)(30052699003)(7062799012);DIR:INB;
                      X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Oct 2024 20:02:30.3494 (UTC)
                      X-MS-Exchange-CrossTenant-Network-Message-Id: 92def149-11a2-45eb-3169-08dce4af7a95
                      X-MS-Exchange-CrossTenant-Id: a445b146-2a78-4930-ad1f-792c9971b2fc
                      X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0002256E.namprd02.prod.outlook.com
                      X-MS-Exchange-CrossTenant-AuthAs: Anonymous
                      X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
                      X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW6PR01MB8598
                      X-MS-Exchange-Transport-EndToEndLatency: 00:00:06.7229976
                      X-MS-Exchange-Processed-By-BccFoldering: 15.20.7982.029
                      Importance: high
                      X-Priority: 1
                      X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003);
                      MIME-Version: 1.0

                      Icon Hash:46070c0a8e0c67d6