Windows Analysis Report
Kevin Burrell shared 'Team A Pictures and Presentation' in 'Eric Meyn's Workspace' with you.msg

Overview

General Information

Sample name:	Kevin Burrell shared 'Team A Pictures and Presentation' in 'Eric Meyn's Workspace' with you.msg
Analysis ID:	1531082
MD5:	398072dc6ec7dfadffda31e9168ee01e
SHA1:	0f643d9b647ce5db62d9e68bf55dc5e33bbb3999
SHA256:	2b5de44e3a9303b32f29bc0d182f5715e8b0b717466e966479e3206cfe091a5f
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

AI detected landing page (webpage, office document or email)

HTML body contains low number of good links

HTML page contains hidden javascript code

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Queries the volume information (name, serial number etc) of a device

Sigma detected: Office Autorun Keys Modification

Stores files to the Windows start menu directory

Stores large binary data to the registry

Classification

Signatures

Phishing

AI detected phishing page

Source: https://login.huddle.com/user/?subdomain=avp100&ReturnUrl=https%3A%2F%2Favp100.huddle.com%2Fworkspace%2F1189459%2Ffiles%2F%23%2Ffolder%2F4319955#/

LLM: Score: 9 Reasons: The brand 'Federal Aviation Administration' is a well-known government agency., The URL 'login.huddle.com' does not match the legitimate domain 'faa.gov' associated with the Federal Aviation Administration., The domain 'huddle.com' is unrelated to the Federal Aviation Administration, which raises suspicion., The presence of an email input field on a domain not associated with the Federal Aviation Administration is a common phishing tactic. DOM: 1.5.pages.csv

HTML body contains low number of good links

Source: https://login.huddle.com/user/?subdomain=avp100&ReturnUrl=https%3A%2F%2Favp100.huddle.com%2Fworkspace%2F1189459%2Ffiles%2F%23%2Ffolder%2F4319955#/

HTTP Parser: Number of links: 0

HTML page contains hidden javascript code

Source: https://login.huddle.com/user/?subdomain=avp100&ReturnUrl=https%3A%2F%2Favp100.huddle.com%2Fworkspace%2F1189459%2Ffiles%2F%23%2Ffolder%2F4319955

HTTP Parser: Base64 decoded: naU_JTWDX\WM1GDJPFX]]@\U

Source: https://login.huddle.com/user/?subdomain=avp100&ReturnUrl=https%3A%2F%2Favp100.huddle.com%2Fworkspace%2F1189459%2Ffiles%2F%23%2Ffolder%2F4319955#/	HTTP Parser: Iframe src: javascript:false
Source: https://login.huddle.com/user/?subdomain=avp100&ReturnUrl=https%3A%2F%2Favp100.huddle.com%2Fworkspace%2F1189459%2Ffiles%2F%23%2Ffolder%2F4319955#/	HTTP Parser: Iframe src: javascript:false

Source: https://login.huddle.com/user/?subdomain=avp100&ReturnUrl=https%3A%2F%2Favp100.huddle.com%2Fworkspace%2F1189459%2Ffiles%2F%23%2Ffolder%2F4319955	HTTP Parser: No favicon
Source: https://login.huddle.com/user/?subdomain=avp100&ReturnUrl=https%3A%2F%2Favp100.huddle.com%2Fworkspace%2F1189459%2Ffiles%2F%23%2Ffolder%2F4319955#/	HTTP Parser: No favicon
Source: https://login.huddle.com/user/?subdomain=avp100&ReturnUrl=https%3A%2F%2Favp100.huddle.com%2Fworkspace%2F1189459%2Ffiles%2F%23%2Ffolder%2F4319955#/	HTTP Parser: No favicon
Source: https://login.huddle.com/user/?subdomain=avp100&ReturnUrl=https%3A%2F%2Favp100.huddle.com%2Fworkspace%2F1189459%2Ffiles%2F%23%2Ffolder%2F4319955#/	HTTP Parser: No favicon
Source: https://login.huddle.com/user/?subdomain=avp100&ReturnUrl=https%3A%2F%2Favp100.huddle.com%2Fworkspace%2F1189459%2Ffiles%2F%23%2Ffolder%2F4319955#/	HTTP Parser: No favicon

Source: https://login.huddle.com/user/?subdomain=avp100&ReturnUrl=https%3A%2F%2Favp100.huddle.com%2Fworkspace%2F1189459%2Ffiles%2F%23%2Ffolder%2F4319955#/	HTTP Parser: No <meta name="author".. found
Source: https://login.huddle.com/user/?subdomain=avp100&ReturnUrl=https%3A%2F%2Favp100.huddle.com%2Fworkspace%2F1189459%2Ffiles%2F%23%2Ffolder%2F4319955#/	HTTP Parser: No <meta name="author".. found

Source: https://login.huddle.com/user/?subdomain=avp100&ReturnUrl=https%3A%2F%2Favp100.huddle.com%2Fworkspace%2F1189459%2Ffiles%2F%23%2Ffolder%2F4319955#/	HTTP Parser: No <meta name="copyright".. found
Source: https://login.huddle.com/user/?subdomain=avp100&ReturnUrl=https%3A%2F%2Favp100.huddle.com%2Fworkspace%2F1189459%2Ffiles%2F%23%2Ffolder%2F4319955#/	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 20.190.159.73:443 -> 192.168.2.17:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.73:443 -> 192.168.2.17:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.100.63.156:443 -> 192.168.2.17:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.100.63.156:443 -> 192.168.2.17:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.17:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.11.206.59:443 -> 192.168.2.17:49771 version: TLS 1.2

HTTP GET or POST without a user agent

Source: global traffic

HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 104.18.70.113 104.18.70.113
Source: Joe Sandbox View	IP Address: 216.198.54.1 216.198.54.1

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.73
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.73

Source: global traffic	HTTP traffic detected: GET /workspace/1189459/files/ HTTP/1.1Host: avp100.huddle.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=MgFfPwO4RwD58wp&MD=7N1b1yk3 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /user/?subdomain=avp100&ReturnUrl=https%3A%2F%2Favp100.huddle.com%2Fworkspace%2F1189459%2Ffiles%2F%23%2Ffolder%2F4319955 HTTP/1.1Host: login.huddle.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://avp100.huddle.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /user/css/assets/fonts/fontawesome-webfont-v3.2.1.woff HTTP/1.1Host: login.huddle.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://login.huddle.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://login.huddle.com/user/?subdomain=avp100&ReturnUrl=https%3A%2F%2Favp100.huddle.com%2Fworkspace%2F1189459%2Ffiles%2F%23%2Ffolder%2F4319955Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /user/css/styles.min.1452.css HTTP/1.1Host: login.huddle.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://login.huddle.com/user/?subdomain=avp100&ReturnUrl=https%3A%2F%2Favp100.huddle.com%2Fworkspace%2F1189459%2Ffiles%2F%23%2Ffolder%2F4319955Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /user/js/vendor.min.52642a88.js HTTP/1.1Host: login.huddle.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.huddle.com/user/?subdomain=avp100&ReturnUrl=https%3A%2F%2Favp100.huddle.com%2Fworkspace%2F1189459%2Ffiles%2F%23%2Ffolder%2F4319955Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /user/js/app.min.1452.js HTTP/1.1Host: login.huddle.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.huddle.com/user/?subdomain=avp100&ReturnUrl=https%3A%2F%2Favp100.huddle.com%2Fworkspace%2F1189459%2Ffiles%2F%23%2Ffolder%2F4319955Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /user/js/vendor.min.52642a88.js HTTP/1.1Host: login.huddle.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /nr-632.min.js HTTP/1.1Host: js-agent.newrelic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.huddle.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /user/js/app.min.1452.js HTTP/1.1Host: login.huddle.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.huddle.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.huddle.com/user/?subdomain=avp100&ReturnUrl=https%3A%2F%2Favp100.huddle.com%2Fworkspace%2F1189459%2Ffiles%2F%23%2Ffolder%2F4319955Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /customisation/logo?subdomain=avp100&callback=_jqjsp&_1728585345266= HTTP/1.1Host: api.huddle.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.huddle.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /localisation/cultures/categories/identityui?callback=_jqjsp HTTP/1.1Host: api.huddle.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.huddle.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /nr-632.min.js HTTP/1.1Host: js-agent.newrelic.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.huddle.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /customisation/logo?subdomain=avp100&callback=_jqjsp&_1728585345266= HTTP/1.1Host: api.huddle.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login?accessRequestId= HTTP/1.1Host: login.huddle.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /X-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://login.huddle.com/user/?subdomain=avp100&ReturnUrl=https%3A%2F%2Favp100.huddle.com%2Fworkspace%2F1189459%2Ffiles%2F%23%2Ffolder%2F4319955Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /localisation/cultures/categories/identityui?callback=_jqjsp HTTP/1.1Host: api.huddle.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login?accessRequestId= HTTP/1.1Host: login.huddle.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sectok="6bea2439-19a3-4fca-8445-72a634b8fd71"
Source: global traffic	HTTP traffic detected: GET /login/entry?access_request=93921932-863b-4ff1-adf8-ebd1dab6991b HTTP/1.1Host: login.huddle.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: /X-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://login.huddle.com/user/?subdomain=avp100&ReturnUrl=https%3A%2F%2Favp100.huddle.com%2Fworkspace%2F1189459%2Ffiles%2F%23%2Ffolder%2F4319955Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sectok="a5658d5c-8933-4416-896c-7963877a79df"
Source: global traffic	HTTP traffic detected: GET /embeddable_framework/main.js HTTP/1.1Host: assets.zendesk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.huddle.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login/entry?access_request=93921932-863b-4ff1-adf8-ebd1dab6991b HTTP/1.1Host: login.huddle.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sectok="a5658d5c-8933-4416-896c-7963877a79df"
Source: global traffic	HTTP traffic detected: GET /res/9824fab9-3605-43b9-a635-c6fc23fbfb45.ashx?login-logo.jpg HTTP/1.1Host: avp100.huddle.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.huddle.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /user/css/assets/marketing-buttons/badge-ios.svg HTTP/1.1Host: login.huddle.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.huddle.com/user/?subdomain=avp100&ReturnUrl=https%3A%2F%2Favp100.huddle.com%2Fworkspace%2F1189459%2Ffiles%2F%23%2Ffolder%2F4319955Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sectok="a5658d5c-8933-4416-896c-7963877a79df"
Source: global traffic	HTTP traffic detected: GET /user/css/assets/marketing-buttons/badge-android.svg HTTP/1.1Host: login.huddle.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.huddle.com/user/?subdomain=avp100&ReturnUrl=https%3A%2F%2Favp100.huddle.com%2Fworkspace%2F1189459%2Ffiles%2F%23%2Ffolder%2F4319955Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sectok="a5658d5c-8933-4416-896c-7963877a79df"
Source: global traffic	HTTP traffic detected: GET /user/css/assets/marketing-buttons/badge-windows.svg HTTP/1.1Host: login.huddle.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.huddle.com/user/?subdomain=avp100&ReturnUrl=https%3A%2F%2Favp100.huddle.com%2Fworkspace%2F1189459%2Ffiles%2F%23%2Ffolder%2F4319955Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sectok="a5658d5c-8933-4416-896c-7963877a79df"
Source: global traffic	HTTP traffic detected: GET /user/css/assets/marketing-buttons/badge-mac.svg HTTP/1.1Host: login.huddle.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://login.huddle.com/user/?subdomain=avp100&ReturnUrl=https%3A%2F%2Favp100.huddle.com%2Fworkspace%2F1189459%2Ffiles%2F%23%2Ffolder%2F4319955Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sectok="a5658d5c-8933-4416-896c-7963877a79df"
Source: global traffic	HTTP traffic detected: GET /ekr/asset_composer.js HTTP/1.1Host: static.zdassets.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://login.huddle.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /user/css/assets/marketing-buttons/badge-ios.svg HTTP/1.1Host: login.huddle.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sectok="a5658d5c-8933-4416-896c-7963877a79df"
Source: global traffic	HTTP traffic detected: GET /user/css/assets/marketing-buttons/badge-android.svg HTTP/1.1Host: login.huddle.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sectok="a5658d5c-8933-4416-896c-7963877a79df"
Source: global traffic	HTTP traffic detected: GET /ekr/asset_composer.js HTTP/1.1Host: static.zdassets.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /compose/web_widget/huddle.zendesk.com HTTP/1.1Host: ekr.zdassets.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://login.huddle.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://login.huddle.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /user/css/assets/marketing-buttons/badge-windows.svg HTTP/1.1Host: login.huddle.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sectok="a5658d5c-8933-4416-896c-7963877a79df"
Source: global traffic	HTTP traffic detected: GET /user/css/assets/marketing-buttons/badge-mac.svg HTTP/1.1Host: login.huddle.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sectok="a5658d5c-8933-4416-896c-7963877a79df"
Source: global traffic	HTTP traffic detected: GET /res/9824fab9-3605-43b9-a635-c6fc23fbfb45.ashx?login-logo.jpg HTTP/1.1Host: avp100.huddle.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /compose/web_widget/huddle.zendesk.com HTTP/1.1Host: ekr.zdassets.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web_widget/classic/latest/web-widget-main-cbf609b.js HTTP/1.1Host: static.zdassets.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web_widget/classic/latest/web-widget-main-cbf609b.js HTTP/1.1Host: static.zdassets.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web_widget/classic/latest/web-widget-locales/classic/en-us-json-cbf609b.js HTTP/1.1Host: static.zdassets.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /embeddable/config HTTP/1.1Host: huddle.zendesk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://login.huddle.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /embeddable/config HTTP/1.1Host: huddle.zendesk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /web_widget/classic/latest/web-widget-locales/classic/en-us-json-cbf609b.js HTTP/1.1Host: static.zdassets.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=MgFfPwO4RwD58wp&MD=7N1b1yk3 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: -240X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAASFycsIWHYJTbTZ4bfq6JUV/89wEHeuqoueePJYoLl1OwI5L3cqee%2BLEpbOBTPGZDOVL3I4Xz8/RcBJwaQzXzYUAcqE0AHvWMFJUAUlnAArXDPmKqBQTscKz/8gOsiCLB0KhY42TOkuGgT6FWGkF62tlge1z1avv9LdWkM/PA7xjgQXHVkhaMr/VOeKyy%2B8FWGY7HnGTXmf5ooatHZoVM5tWG3ZSmX4v/WEwjVnRwFxNSk92vJ4lIPz8YMcMSlszfM0%2BSrU4LktE3vpC8BcvJq/mhWGBQkbPd1i5w7OM0z1kIQyovv3LLFoboxm4dhXpHTCYIE4Ads6Y0KItCB413B4QZgAAECgkJFNYMOxy4wEsOcHNhZ2wAddKGrWRuajsHBlLMEXMzvwRSf9JqB8LET1uO9N0qwrfdI80H7oV6R9cAH%2B5tqhC%2Btv5bTVeCKTh8sENrbvEEWNTvP1Brcevr%2BuYS2GdeMlZmZ97nVnnxnsi5j8uKlIi6OtZxm3gu51bLnhpmxNVjO3006J/WoIKCsdrz7zLK4qTq6WCaJFuao8yRO4T%2B4p8lsMHubzwGx9Z9CWEAJNeDAw3rr5b%2BrIhU7oKJ2HAuzF50C57/94Ixe/QPhWgWh8fgptHB971vv5Ou4LpM%2BT30FHrwKFpu37/TXPEU4RLrOBjq1RRTGgyM86Fu6JR2PQ7S7D4lRMVJ3L/eT0ZZ4JvJWntFj58o6nB/alRN3uePf0NZWZd0t6oH2bTTapqPQ05XfR8/WoW7AdKEiSlDwOnJBmgOz6nJUda9qJl%2B4fW7ZC74iqk%2BrgTgcQBuOR0VM%2B4nG5ipQWSmXc7h0ckGx9LsGUYAUUReJfBBdmXaFsLb6HbCLqW//WU7oXZAQm3v1J1drZoSWfIKFLnSnCYORyGEAclNlqUihlTo8iYbeMNzcIuwMM81/Btjhp8URJNDzMScdcB%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1728585385User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: 13379A1CC5D2439BA17891CA39F51146X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B

Source: global traffic	DNS traffic detected: DNS query: avp100.huddle.com
Source: global traffic	DNS traffic detected: DNS query: login.huddle.com
Source: global traffic	DNS traffic detected: DNS query: js-agent.newrelic.com
Source: global traffic	DNS traffic detected: DNS query: api.huddle.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: assets.zendesk.com
Source: global traffic	DNS traffic detected: DNS query: static.zdassets.com
Source: global traffic	DNS traffic detected: DNS query: ekr.zdassets.com
Source: global traffic	DNS traffic detected: DNS query: huddle.zendesk.com

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com

Source: chromecache_115.9.dr	String found in binary or memory: http://creativecommons.org/licenses/by/3.0/
Source: 57C8EDB95DF3F0AD4EE2DC2B8CFD4157.0.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
Source: chromecache_115.9.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_115.9.dr	String found in binary or memory: http://fontawesome.io.
Source: chromecache_115.9.dr	String found in binary or memory: http://kyruus.com
Source: chromecache_115.9.dr	String found in binary or memory: http://opensource.org/licenses/mit-license.html
Source: Kevin Burrell shared 'Team A Pictures and Presentation' in 'Eric Meyn's Workspace' with you.msg	String found in binary or memory: http://schema.org
Source: chromecache_115.9.dr	String found in binary or memory: http://scripts.sil.org/OFL
Source: chromecache_115.9.dr	String found in binary or memory: http://twitter.com/davegandy
Source: chromecache_115.9.dr	String found in binary or memory: http://twitter.com/fontawesome.
Source: chromecache_115.9.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_116.9.dr, chromecache_98.9.dr, chromecache_121.9.dr, chromecache_96.9.dr, chromecache_100.9.dr, chromecache_102.9.dr, chromecache_123.9.dr, chromecache_113.9.dr	String found in binary or memory: http://www.bohemiancoding.com/sketch
Source: chromecache_124.9.dr, chromecache_97.9.dr	String found in binary or memory: https://api.huddle.com/rest/customisation/logo?subdomain=avp100
Source: ~WRS{91DDFA33-440A-44BA-8DB5-0140BC4A5508}.tmp.0.dr	String found in binary or memory: https://avp100.huddle.com/res/9824fab9-3605-43b9-a635-c6fc23fbfb45.ashx?login-logo.jpg
Source: ~WRS{91DDFA33-440A-44BA-8DB5-0140BC4A5508}.tmp.0.dr	String found in binary or memory: https://avp100.huddle.com/workspace/1189459/files/
Source: Kevin Burrell shared 'Team A Pictures and Presentation' in 'Eric Meyn's Workspace' with you.msg	String found in binary or memory: https://avp100.huddle.com/workspace/1189459/files/#/folder/4319955
Source: chromecache_106.9.dr, chromecache_107.9.dr	String found in binary or memory: https://developer.zendesk.com/documentation/classic-web-widget-sdks/web-widget/getting-started/legal
Source: chromecache_95.9.dr, chromecache_119.9.dr	String found in binary or memory: https://ekr.zendesk.com/compose_product/web_widget/cbf609b2dfb3cf337c37e8e93f118288d11f355b?features
Source: OUTLOOK_16_0_16827_20130-20241010T1435330661-6944.etl.0.dr	String found in binary or memory: https://login.windows.localnull
Source: OUTLOOK_16_0_16827_20130-20241010T1435330661-6944.etl.0.dr	String found in binary or memory: https://login.windows.localrosR
Source: chromecache_95.9.dr, chromecache_119.9.dr	String found in binary or memory: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-cbf609b.js
Source: Kevin Burrell shared 'Team A Pictures and Presentation' in 'Eric Meyn's Workspace' with you.msg, ~WRS{91DDFA33-440A-44BA-8DB5-0140BC4A5508}.tmp.0.dr	String found in binary or memory: https://us.huddle.com/myhuddle/profile.aspx?WebFeeds=1

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 20.190.159.73:443 -> 192.168.2.17:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.73:443 -> 192.168.2.17:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.100.63.156:443 -> 192.168.2.17:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.100.63.156:443 -> 192.168.2.17:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.17:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.11.206.59:443 -> 192.168.2.17:49771 version: TLS 1.2

Source: classification engine

Classification label: mal52.phis.winMSG@17/77@32/11

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Kevin Burrell shared 'Team A Pictures and Presentation' in 'Eric Meyn's Workspace' with you.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "4AE037F2-F682-43BD-B677-F9DD98FD1808" "838F29C9-1758-47F6-976A-97D89964306D" "6944" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://avp100.huddle.com/workspace/1189459/files/#/folder/4319955
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2080,i,2313067344593807637,7431847318301714659,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "4AE037F2-F682-43BD-B677-F9DD98FD1808" "838F29C9-1758-47F6-976A-97D89964306D" "6944" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://avp100.huddle.com/workspace/1189459/files/#/folder/4319955	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2080,i,2313067344593807637,7431847318301714659,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll	Jump to behavior

Source: Google Drive.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.8.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Email	LLM: Page contains button: 'View Team A Pictures and Presentation' Source: 'Email'
Source: Email	LLM: Email contains prominent button: 'view team a pictures and presentation'

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

IP	Domain	Country	ASN	ASN Name	Malicious
52.23.1.4	unknown	United States	14618	AMAZON-AESUS	false
18.210.252.197	aws-uslive-web-public-elb-1943012778.us-east-1.elb.amazonaws.com	United States	14618	AMAZON-AESUS	false
3.93.32.136	unknown	United States	14618	AMAZON-AESUS	false
142.250.185.132	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.18.70.113	cf.zdassets.com	United States	13335	CLOUDFLARENETUS	false
216.198.54.1	huddle.zendesk.com	United States	7321	LNET-ASNUS	false
216.198.53.1	unknown	United States	7321	LNET-ASNUS	false
104.18.72.113	static.zdassets.com	United States	13335	CLOUDFLARENETUS	false
162.247.243.39	js-agent.newrelic.com	United States	13335	CLOUDFLARENETUS	false

Name	IP	Active
static.zdassets.com	104.18.72.113	true
huddle.zendesk.com	216.198.54.1	true
cf.zdassets.com	104.18.70.113	true
js-agent.newrelic.com	162.247.243.39	true
ekr.zdassets.com	104.18.70.113	true
www.google.com	142.250.185.132	true
aws-uslive-web-public-elb-1943012778.us-east-1.elb.amazonaws.com	18.210.252.197	true
assets.zendesk.com	unknown	unknown
avp100.huddle.com	unknown	unknown
login.huddle.com	unknown	unknown
api.huddle.com	unknown	unknown

Name	Malicious	Reputation
https://login.huddle.com/user/css/assets/marketing-buttons/badge-windows.svg	false	unknown
https://login.huddle.com/login	false	unknown
https://static.zdassets.com/ekr/asset_composer.js	false	unknown
https://login.huddle.com/user/js/vendor.min.52642a88.js	false	unknown
https://login.huddle.com/user/?subdomain=avp100&ReturnUrl=https%3A%2F%2Favp100.huddle.com%2Fworkspace%2F1189459%2Ffiles%2F%23%2Ffolder%2F4319955	false	unknown
https://js-agent.newrelic.com/nr-632.min.js	false	unknown
https://login.huddle.com/user/css/assets/marketing-buttons/badge-ios.svg	false	unknown
https://ekr.zdassets.com/compose/web_widget/huddle.zendesk.com	false	unknown
https://login.huddle.com/user/?subdomain=avp100&ReturnUrl=https%3A%2F%2Favp100.huddle.com%2Fworkspace%2F1189459%2Ffiles%2F%23%2Ffolder%2F4319955#/	true	unknown
https://static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-us-json-cbf609b.js	false	unknown
https://login.huddle.com/user/css/assets/marketing-buttons/badge-mac.svg	false	unknown
https://avp100.huddle.com/res/9824fab9-3605-43b9-a635-c6fc23fbfb45.ashx?login-logo.jpg	false	unknown
https://static.zdassets.com/web_widget/classic/latest/web-widget-main-cbf609b.js	false	unknown
https://login.huddle.com/login/entry?access_request=93921932-863b-4ff1-adf8-ebd1dab6991b	false	unknown
https://login.huddle.com/user/css/assets/marketing-buttons/badge-android.svg	false	unknown
https://login.huddle.com/user/css/styles.min.1452.css	false	unknown
https://login.huddle.com/user/js/app.min.1452.js	false	unknown
https://avp100.huddle.com/workspace/1189459/files/	false	unknown
https://api.huddle.com/localisation/cultures/categories/identityui?callback=_jqjsp	false	unknown
https://login.huddle.com/login?accessRequestId=	false	unknown
https://login.huddle.com/user/css/assets/fonts/fontawesome-webfont-v3.2.1.woff	false	unknown
https://api.huddle.com/customisation/logo?subdomain=avp100&callback=_jqjsp&_1728585345266=	false	unknown
https://assets.zendesk.com/embeddable_framework/main.js	false	unknown
https://login.huddle.com/favicon.ico	false	unknown
https://huddle.zendesk.com/embeddable/config	false	unknown

ID:	1531082
Product:	CloudBasic
Start time:	20:35:01
Start date:	10.10.2024
Sample:	Kevin Burrell shared 'Team A Pictures and Presentation' in 'Eric Meyn's Workspace' with you.msg
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	398072dc6ec7dfadffda31e9168ee01e
SHA1:	0f643d9b647ce5db62d9e68bf55dc5e33bbb3999
SHA256:	2b5de44e3a9303b32f29bc0d182f5715e8b0b717466e966479e3206cfe091a5f
Filetype:	Outlook Message (71009/1) 58.92%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157	data	318366C75D4CABBDAA5740F99F6AED22	9E233A5B98AAC0D2768A6B7E449217AB9E48BB54	FC41CB74B76760AE5930481467028EA72FE4F9C5C3A34147C819CFA713FED1FC
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT	data	16322847C186401B4E3FE54A189932A9	9CE692D686DEE8426D81416B077AFC3E8EB8E1D5	F7CDD7EB5306866E7DA1ABE738B96125B8A626DE6A29638EE11FAE7A9C191860
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin	ASCII text, with very long lines (65536), with no line terminators	CC90D669144261B198DEAD45AA266572	EF164048A8BC8BD3A015CF63E78BDAC720071305	89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin	ASCII text, with no line terminators	D76729CA6A39A60AED8CA0A8A0F80F52	1441A43C1E52AF25BF44112367CAE66E843AC1E8	488B682927F88FE8FC0252A8F2A94A6D9B61B1EA947A22B61F6051AEE719067C
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db	SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2	F138A66469C10D5761C6CBB36F2163C3	EEA136206474280549586923B7A4A3C6D5DB1E25	C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal	SQLite Rollback Journal	090FC400C59C0AB6DFD40AFE4CAB1288	CEF18D31A65831AEB7185F66A3F684D24CE08036	0D761714CB37BFC3685199118D483082E8217B08927300278A317C4A1EBE2626
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm	data	39415BC106772BA96B5C26AB4EC56E58	7E0E21755D7C3D0751A0DF117C97FA6A6CC18140	BF8749936E2AA645AC4B78EA0C0AEB2AB1DB37B316B291B391A03BDB75435F34
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal	SQLite Write-Ahead Log, version 3007000	20FAD4494BD34185AC66C4E1A835BD9B	B96150A929CB57079B6D30DC9E0C0AAE2820F140	DE6833491B6D2361C9B0F1E5390477707C100189893C607858A8613096E0D8FB
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres	data	FF36510FB31BC5E156374F7044DDA7C1	062251F60084F92FE6434580CC0EB491695F4B1C	FF55725727EE511495CCB27EEC724524CF2A373D45319FDBEA6B8BE2FD22DC4A
C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres	data	DCDFA24A7FA57F610380880A7CECF7D1	E19128B35133100A712D3B990C28C30BFB89795D	4954A9F27BB6187BED17E3490E73C278B612BC1EAD14F5F79E02E2F3701D4C94
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\8573189E.dat	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 140x140, components 3	B698B3B9DDB67F98F8A7C417E998DFA7	1AEFB7C8C75CEC32712757223310C54F7CF2734A	E3E8322826180EA9C071794C7318F88EE16C56E8654DC088FAB5BE0645199C6B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{91DDFA33-440A-44BA-8DB5-0140BC4A5508}.tmp	data	BB951A8C5CA1F695C275110903542030	4343F9735C4431227466975CCBE359C0E0DB006C	C34C879A508E7721E559363ECB4DFFDE053B475ECAEC1AA0F8A084E862940948
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1728585333934607200_13D7860A-7640-4B78-A10B-3D2000F80CF5.log	ASCII text, with very long lines (859), with CRLF line terminators	2AD635EA4577AD55482141162C923D62	7D4988575FC76BE34AB2BE536EBE20BA4EEFD409	1F00FE66F610A67C7688F83433099C1174148D0B6A050A8B0E7B453137E0D265
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1728585333935677900_13D7860A-7640-4B78-A10B-3D2000F80CF5.log	data	8F4E33F3DC3E414FF94E5FB6905CBA8C	9674344C90C2F0646F0B78026E127C9B86E3AD77	CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241010T1435330661-6944.etl	data	C750D71C3ADDA8FFA66E6DE1DD151B2D	67E52B2B0EDC6E4BC743E6999B7D742A9090AC89	1195D57723421BB7AC70A5E58ABA54408D22E4FD0B42CBB7853DCCEB150E7064
C:\Users\user\AppData\Local\Temp\~DF33FEA0AC0848533B.TMP	data	AA4DE25D3A37031EC09D5355DBBE04CA	31895684936002E3DF65E2FAA7A4E6004DBC5364	533461EE5362537AA229DBDC977C012979A270D4E7AAB0AD0513887F258EC40D
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl	data	0413F5DC3B641BA1416B9B8068FF9ECA	A0A99C2C726001BCEC067382184D214D089D7859	3C6B1E08F2D760C4DA5B237C5AB0FCFB89C54ABA5C59245465FCABB0D490A79C
C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs	Composite Document File V2 Document, Cannot read section info	8DE2202DDD26A481F4D114AAA5F72E4D	1EDEC6539740234812A0583C8A668D4F56E901CB	AD3B0A9D3E525F576D0EF53E5F15F6A3106D882818D3D3BCAF90D1F120C09459
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 17:35:43 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	2F3D929228C4280ECA1701183B5154B7	21CC4E25096F78A078E47CE24137BF879B6A8FCB	499B35EE2CB1E2BA6B6872BA22BEE16E1E79CF3FD8A8FD5D675B97FC82B6AE2D
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 17:35:43 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	999585F3A4E32F9042A7468ABB144612	DD81EB8E86AF34D0F65D3FAF349D74A5A4009646	69302F3790F81CEC603FCAA5F687A74617EF21624178D13CFD6FAD4AD9605F2B
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	7D5ED5DA224C263276BB176F49A87D09	7C3295C09EC7DF0B25E6970B513EE12FFE0ED1EA	0AE6A4B9B3E58F45EFDCC2A8D6C7BF3429D2E3532EC2DD28CA5A40B59485EE2D
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 17:35:43 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	4A4F9C8DDC4A26F3C1A39CF6A07B503F	4A1BC4DD61D80234DF73633C9FE3AAAD86F51247	F24C41CE8B5392A25C64F723C501CDAAF261EE669374C9996EE3721C1657604A
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 17:35:43 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	520672B447A6255D3F484AFCCB45502A	9CDA66ED67ECE8758A753C969A1CDEAB686A7F72	AB72003A2D10DDB4B2ABB34CF006C2DD9DA6ECD24BD1609E309008A7A89D558F
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 17:35:43 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide	4861B6F0DA4C9D10605B0C8317EC5152	290FBC8FAF967D3327971EEDD969B2A6C2FCFBF8	7A6D4023101E784AA71EEE6356F4401FB24A1AEC873E9FD89E339F65418706DF
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst	Microsoft Outlook email folder (>=2003)	FE490268FDD871F33BA40D6D62B694DD	BD39826617E057321E51AFA04900074681CF3E01	F48B0A1AF0C9902FFF01D9FFBC4E43E1EF049E1AC800B1793210341223A30374
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp	data	0368858F563A66C7EBB92D60DD78265C	B0149195F85CB6B1EFDE03C1A322AF1743F30A78	CA6F578453CF74FC84EE83B2FB6B2814F6C86621CFC9FF28BE0E0E35C0141975
Chrome Cache Entry: 100	SVG Scalable Vector Graphics image	83F535CED5E77B848476B8A431577B15	50D3300313FBFA609A87B45440E3ADF6B5D11A59	5AA075B01D61489421CC0EAB6CD69FE7A28B1CFB5937C898AA0CD5C93E79A19A
Chrome Cache Entry: 101	ASCII text, with very long lines (10215), with no line terminators	D90DBB2A9F98C3C53CD0F1D480381E2E	8B084D3CE74782BB402A57E2FCEE067C848EEE7B	D5E73AE42ED4F068014F2AC26F036966E4997AA1FD32C2182859E3163DD1F71A
Chrome Cache Entry: 102	SVG Scalable Vector Graphics image	65468EA6BF663935FF6B7E8588986DB4	0B032B0427697CEC536E7709DCC9710907F2C7D5	0D14747BF285A0F9C3410BBF4771F6FA3FE9D6A49A210A4B7157B728A868AE3B
Chrome Cache Entry: 103	Unicode text, UTF-8 text, with very long lines (65490)	52642A88598326B19795FC34A4722823	06D2C08BAABCC2EB55C8EF9FE24DCDF5FAEF670D	7C0E7571144283E1DA89211D72FB1E35360D163C865E415FA400DCEB9B6D385B
Chrome Cache Entry: 104	Unicode text, UTF-8 text, with very long lines (25701), with no line terminators	EF48436BF7997A9FED0856CD3DF28C0F	413D809A8680F59BC72EE16FB46DF88350055C67	B87B92CD9B2943BCC97A64011EB833EF4205009327EAFFE17DB1CD001AE9ECC8
Chrome Cache Entry: 105	ASCII text, with very long lines (65492)	21B93573F700188F41D60231812C65D7	D361F359D49F2B8A81C424C771645D282AB3F265	9F6823EFB5B77FCA389976A167BB5977E9EE7BA81D0C2C144E198BC6CF17DADB
Chrome Cache Entry: 106	ASCII text, with very long lines (65307)	07AEC65EB3477704556F6CF3F106F8FB	A8FD30E66ACF8BB2299DC01223AAD67149EEB751	0A4ADE685B6856DE52182B225D4C621764825A5EDAFEBEC1BD7DFD0BB9D966F1
Chrome Cache Entry: 107	ASCII text, with very long lines (65307)	07AEC65EB3477704556F6CF3F106F8FB	A8FD30E66ACF8BB2299DC01223AAD67149EEB751	0A4ADE685B6856DE52182B225D4C621764825A5EDAFEBEC1BD7DFD0BB9D966F1
Chrome Cache Entry: 108	JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 500x90, components 3	8D62845537A98EAB5527F5667C31711A	AFCA1F08A2652CB3293BD7BB324C82FCEA9F8ED5	EB833FDDD2179CCAD9FC998CD33C854730FFF2E4DA7A5FEC5AC46E027E993A12
Chrome Cache Entry: 109	Unicode text, UTF-8 text, with very long lines (370), with CRLF line terminators	67B4AA163D9B70EA3FDB0F03E1907B2A	140E2BBCDAD162F13C330A8F6B8F7131CB36358F	009CE457784C3DEE45BACB3C4C746AEFEEA70607C6B4991D8A18DA4C9587DC30
Chrome Cache Entry: 110	ASCII text, with very long lines (22469), with no line terminators	F9CDCB1E4B2BE3825B6DFCBD33DEFF25	2CBBC0BE7B002F270A17D2E4B1A17A52FB456D9A	C28F3FCFA4E839D67ED83A489CA461CF6C3182C47D1A35E7EB719DEBA23F9106
Chrome Cache Entry: 111	ASCII text, with no line terminators	21A867825AE7B03B0F982AF87EECF37A	57B48DAB9D451AB812F4F0F0C749311397D1F50C	842F52A26DD358B654C23B0CD7D7A9E0BE4C3CA93340AD37FA289FEBE36D6016
Chrome Cache Entry: 112	JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 500x90, components 3	8D62845537A98EAB5527F5667C31711A	AFCA1F08A2652CB3293BD7BB324C82FCEA9F8ED5	EB833FDDD2179CCAD9FC998CD33C854730FFF2E4DA7A5FEC5AC46E027E993A12
Chrome Cache Entry: 113	SVG Scalable Vector Graphics image	D363DCF04761E8DFDE2A143F0207CFE9	87C72CA3B6AB4662AE8AE6DE73FDF4A28E776664	25B5CAB5277CDEE51DDC4E02DDECF381F9751BB4E9667A52793B52E26E788141
Chrome Cache Entry: 114	Web Open Font Format, TrueType, length 43572, version 1.0	B683029BAFE0305AC2234038A03E1541	12F8C193902E99348493ACE32E498031BF79B654	18E6B5FF511B90EDF098E62AC45ED9D6673A3EEE10165D0DE4164D4D02A3A77F
Chrome Cache Entry: 115	Unicode text, UTF-8 text, with very long lines (62479)	20A11AD279BD2CE61C1C1ACD00677929	A99DE2CC29098D8CDBAE8B8B06AE045A7BBED24A	6F13E95D06A700131141F9B4015379D7F11BE7C11CC670A586A5874A1C3D884E
Chrome Cache Entry: 116	SVG Scalable Vector Graphics image	DD7FAA4B94A273A74ECBB723BC13CD1D	50327970F9B0626895637A09F1695FD9945F2B1B	FC1DF37ECAFEF40A0B57C39984BC8B1631A1A00C30E2EF6ED7A5539DD51BA488
Chrome Cache Entry: 117	ASCII text, with very long lines (10215), with no line terminators	D90DBB2A9F98C3C53CD0F1D480381E2E	8B084D3CE74782BB402A57E2FCEE067C848EEE7B	D5E73AE42ED4F068014F2AC26F036966E4997AA1FD32C2182859E3163DD1F71A
Chrome Cache Entry: 118	JSON data	36E7226DE03883057AF84C931DEE6829	ABA631AD5D3DDD543D5B195815371830075BF0FE	329B4FFD5CDF528698B44FF1C66D5D6434C169C4F9220FA3FE60B03B6BE31658
Chrome Cache Entry: 119	JSON data	72A70943AFA489A963A2093EC66312D1	5F3F462A27674DE1045FE6DA94B123F54D68651C	76B8B6F046E8BA2E8094DA7CBA39D6893511A0A5C6FD7467E0AF747B4535251B
Chrome Cache Entry: 120	ASCII text, with very long lines (65492)	21B93573F700188F41D60231812C65D7	D361F359D49F2B8A81C424C771645D282AB3F265	9F6823EFB5B77FCA389976A167BB5977E9EE7BA81D0C2C144E198BC6CF17DADB
Chrome Cache Entry: 121	SVG Scalable Vector Graphics image	65468EA6BF663935FF6B7E8588986DB4	0B032B0427697CEC536E7709DCC9710907F2C7D5	0D14747BF285A0F9C3410BBF4771F6FA3FE9D6A49A210A4B7157B728A868AE3B
Chrome Cache Entry: 122	Unicode text, UTF-8 text, with very long lines (25701), with no line terminators	EF48436BF7997A9FED0856CD3DF28C0F	413D809A8680F59BC72EE16FB46DF88350055C67	B87B92CD9B2943BCC97A64011EB833EF4205009327EAFFE17DB1CD001AE9ECC8
Chrome Cache Entry: 123	SVG Scalable Vector Graphics image	DD7FAA4B94A273A74ECBB723BC13CD1D	50327970F9B0626895637A09F1695FD9945F2B1B	FC1DF37ECAFEF40A0B57C39984BC8B1631A1A00C30E2EF6ED7A5539DD51BA488
Chrome Cache Entry: 124	ASCII text, with CRLF line terminators	1522BA4FCB94E644B32546655E38A0A9	236D203DBFBFBF6CD0381BEF49F8420073341A47	AAF53092EA7CA0E26C8C57DE53245C2736B05F6A57CB7D53A407B7E1FB2A5246
Chrome Cache Entry: 125	Unicode text, UTF-8 text, with very long lines (370), with CRLF line terminators	67B4AA163D9B70EA3FDB0F03E1907B2A	140E2BBCDAD162F13C330A8F6B8F7131CB36358F	009CE457784C3DEE45BACB3C4C746AEFEEA70607C6B4991D8A18DA4C9587DC30
Chrome Cache Entry: 93	ASCII text, with very long lines (22469), with no line terminators	F9CDCB1E4B2BE3825B6DFCBD33DEFF25	2CBBC0BE7B002F270A17D2E4B1A17A52FB456D9A	C28F3FCFA4E839D67ED83A489CA461CF6C3182C47D1A35E7EB719DEBA23F9106
Chrome Cache Entry: 94	JSON data	36E7226DE03883057AF84C931DEE6829	ABA631AD5D3DDD543D5B195815371830075BF0FE	329B4FFD5CDF528698B44FF1C66D5D6434C169C4F9220FA3FE60B03B6BE31658
Chrome Cache Entry: 95	JSON data	72A70943AFA489A963A2093EC66312D1	5F3F462A27674DE1045FE6DA94B123F54D68651C	76B8B6F046E8BA2E8094DA7CBA39D6893511A0A5C6FD7467E0AF747B4535251B
Chrome Cache Entry: 96	SVG Scalable Vector Graphics image	83F535CED5E77B848476B8A431577B15	50D3300313FBFA609A87B45440E3ADF6B5D11A59	5AA075B01D61489421CC0EAB6CD69FE7A28B1CFB5937C898AA0CD5C93E79A19A
Chrome Cache Entry: 97	ASCII text, with CRLF line terminators	1522BA4FCB94E644B32546655E38A0A9	236D203DBFBFBF6CD0381BEF49F8420073341A47	AAF53092EA7CA0E26C8C57DE53245C2736B05F6A57CB7D53A407B7E1FB2A5246
Chrome Cache Entry: 98	SVG Scalable Vector Graphics image	D363DCF04761E8DFDE2A143F0207CFE9	87C72CA3B6AB4662AE8AE6DE73FDF4A28E776664	25B5CAB5277CDEE51DDC4E02DDECF381F9751BB4E9667A52793B52E26E788141
Chrome Cache Entry: 99	Unicode text, UTF-8 text, with very long lines (65490)	52642A88598326B19795FC34A4722823	06D2C08BAABCC2EB55C8EF9FE24DCDF5FAEF670D	7C0E7571144283E1DA89211D72FB1E35360D163C865E415FA400DCEB9B6D385B

Windows Analysis Report Kevin Burrell shared 'Team A Pictures and Presentation' in 'Eric Meyn's Workspace' with you.msg

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
Kevin Burrell shared 'Team A Pictures and Presentation' in 'Eric Meyn's Workspace' with you.msg