Windows Analysis Report
Encrypt DOC2024.11.19.1983928 shared with you! (203 KB).msg

Overview

General Information

Sample name:Encrypt DOC2024.11.19.1983928 shared with you! (203 KB).msg
Analysis ID:1562547
MD5:fa8698f983a3611ab59efd6fab564eca
SHA1:ba3e4e25f5a9c2611230298e4e7162f6c22e768d
SHA256:6e0eb1ea8b3de0d8cafd6d93f460b4b8d54710703da3c76568e97d28e85dc399
Infos:

Detection

Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected landing page (webpage, office document or email)
AI detected potential phishing Email
Suspicious MSG / EML detected (based on various text indicators)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 7060 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Encrypt DOC2024.11.19.1983928 shared with you! (203 KB).msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6296 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "8847B338-6A75-4AB0-A7A2-BFE5ABE0EA9D" "6F657427-8ACB-4E4F-AD7E-33FA879D76C3" "7060" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 7036 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://api.triofox.ai/docviewer/Viewer/DocViewer?s=EiqPSIQ4Z4Br1RBO MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 5156 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2008,i,12737497025934160563,16905762416708829197,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7060, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched

Phishing

Source: Email; Joe Sandbox AI: Page contains button: 'VIEW DOCUMENT HERE' Source: 'Email'
Source: Email; Joe Sandbox AI: Email contains prominent button: 'view document here'
Source: Email; Joe Sandbox AI: Detected potential phishing email: Suspicious URL pattern with 'triofox.ai' domain that appears to be a document viewer/phishing page. Generic document name with random numbers (DOC2024.11.19.1983928) is a common phishing tactic. Sender and recipient are identical, which is unusual for legitimate document sharing
Source: MSG / EML; OCR Text: Enclosed, please find a new scan doc shared with you. VIEW DOCUMENT HERE Pages:3 Resolution: 200x200 DPI This E-mail was sent from "RNP5838796F6B76" (1M 350).
Source: https://api.triofox.ai/docviewer/Viewer/DocViewer?s=EiqPSIQ4Z4Br1RBO; HTTP Parser: No favicon
Source: unknown; HTTPS traffic detected: 2.20.204.113:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 2.20.204.113:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:49730 version: TLS 1.2
Source: chrome.exe; Memory has grown: Private usage: 8MB later: 29MB
Source: unknown; TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown; TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown; TCP traffic detected without corresponding DNS query: 2.20.204.113
Source: unknown; TCP traffic detected without corresponding DNS query: 20.190.147.4
Source: unknown; TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown; TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: global traffic; DNS traffic detected: DNS query: api.triofox.ai
Source: global traffic; DNS traffic detected: DNS query: www.google.com
Source: classification engine; Classification label: mal52.phis.winMSG@17/30@6/108
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241125T1153480748-7060.etl
Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Encrypt DOC2024.11.19.1983928 shared with you! (203 KB).msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "8847B338-6A75-4AB0-A7A2-BFE5ABE0EA9D" "6F657427-8ACB-4E4F-AD7E-33FA879D76C3" "7060" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://api.triofox.ai/docviewer/Viewer/DocViewer?s=EiqPSIQ4Z4Br1RBO
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=2008,i,12737497025934160563,16905762416708829197,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Window found: window name: SysTabControl32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: 2 Browser Extensions; 1 DLL Side-Loading; 1 Registry Run Keys / Startup Folder; Login Hook
Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; 1 Registry Run Keys / Startup Folder; 1 Extra Window Memory Injection
Defense Evasion: 1 Masquerading; 1 Process Injection; 1 DLL Side-Loading; 1 Extra Window Memory Injection
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: 1 Process Discovery; 12 System Information Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 2 Encrypted Channel; 1 Non-Application Layer Protocol; 2 Application Layer Protocol; Protocol Impersonation
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.google.com | 142.250.181.68 | true | false | | high
vertexgraph-orange-elb3-72928750.us-east-1.elb.amazonaws.com | 54.159.180.92 | true | false | | unknown
api.triofox.ai | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://api.triofox.ai/docviewer/Viewer/DocViewer?s=EiqPSIQ4Z4Br1RBO | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
172.217.19.238 | unknown | United States | 15169 | GOOGLEUS | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
20.52.64.201 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
52.109.89.18 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
172.217.17.35 | unknown | United States | 15169 | GOOGLEUS | false
216.58.208.227 | unknown | United States | 15169 | GOOGLEUS | false
52.111.252.16 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
74.125.205.84 | unknown | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
54.159.180.92 | vertexgraph-orange-elb3-72928750.us-east-1.elb.amazonaws.com | United States | 14618 | AMAZON-AESUS | false
23.32.238.27 | unknown | United States | 2828 | XO-AS15US | false
35.173.12.189 | unknown | United States | 14618 | AMAZON-AESUS | false
142.250.181.68 | www.google.com | United States | 15169 | GOOGLEUS | false
52.109.76.243 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false

IP
192.168.2.16
          Joe Sandbox version:41.0.0 Charoite
          Analysis ID:1562547
          Start date and time:2024-11-25 17:53:14 +01:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:defaultwindowsinteractivecookbook.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:15
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • EGA enabled
          Analysis Mode:stream
          Analysis stop reason:Timeout
          Sample name:Encrypt DOC2024.11.19.1983928 shared with you! (203 KB).msg
          Detection:MAL
          Classification:mal52.phis.winMSG@17/30@6/108
          Cookbook Comments:
          • Found application associated with file extension: .msg
          • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 52.109.89.18, 52.113.194.132, 52.109.76.243, 23.32.238.27, 23.32.238.82, 52.111.252.16, 52.111.252.15, 52.111.252.17, 52.111.252.18, 216.58.208.227, 74.125.205.84, 172.217.19.238, 20.52.64.201, 34.104.35.123
          • Excluded domains from analysis (whitelisted): omex.cdn.office.net, onedscolprdgwc05.germanywestcentral.cloudapp.azure.com, slscr.update.microsoft.com, clientservices.googleapis.com, weu-azsc-config.officeapps.live.com, eur.roaming1.live.com.akadns.net, neu-azsc-000.roaming.officeapps.live.com, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, clients2.google.com, officeclient.microsoft.com, a1864.dscd.akamai.net, ecs.office.com, fs.microsoft.com, prod-all.naturallanguageeditorservice.osi.office.net.akadns.net, accounts.google.com, prod-inc-resolver.naturallanguageeditorservice.osi.office.net.akadns.net, prod.configsvc1.live.com.akadns.net, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, prod1.naturallanguageeditorservice.osi.office.net.akadns.net, nleditor.osi.office.net, edgedl.me.gvt1.com, s-0005.s-msedge.net, config.officeapps.live.com, osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com, ecs.office.traffi
          • Not all processes were analyzed, report is missing behavior information
          • Report size getting too big, too many NtQueryAttributesFile calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.
          • VT rate limit hit for: Encrypt DOC2024.11.19.1983928 shared with you! (203 KB).msg
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:modified
          Size (bytes):231348
          Entropy (8bit):4.382202924227973
          Encrypted:false
          SSDEEP:
          MD5:6B86C4AE2BAB9D1BAB40F40819A99E58
          SHA1:FF03E9657C98CEF6838DEB43DBF39631C284E196
          SHA-256:9BEE03CD9ED2FCB1734A598A18111A68C0CEE72348289AB316389C624083B20D
          SHA-512:1B2F4BE870D2303ACF235148DADA3AFF6A0E77C5D42B379D81A227EB8792D58823979A73E73CE0CC46C30B833FC0BB7300E28EB810E5551A1E12558E42988B64
          Malicious:false
          Reputation:unknown
          Preview:TH02...... .....Z?......SM01X...,......Z?..........IPM.Activity...........h...............h............H..h........s.[....h........`...H..h\cal ...pDat...hh...0..........h.a............h........_`Uk...h..a.@...I.lw...h....H...8.Zk...0....T...............d.........2h...............k..............!h.............. h...[....0.....#h....8.........$h`.......8....."h.............'h..]...........1h.a.<.........0h....4....Zk../h....h.....ZkH..h c..p.........-h .......\.....+hC.a......................... ..............F7..............FIPM.Activity.st.Form.e..Standard.tanJournal Entry.pdIPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000.000Microsoft.ofThis form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators
          Category:dropped
          Size (bytes):1869
          Entropy (8bit):5.085542928414152
          Encrypted:false
          SSDEEP:
          MD5:CE371196210586B476130CDF1939A1DA
          SHA1:475E11967E7A6562FBEA729B0C832D7EFBEA6355
          SHA-256:17E440ED9E75201CE96635D48060BB3215292AF6128EDDA51A96D4485898A41E
          SHA-512:0001054E3436A1368342034C1A7618DC34774BCAC08A1468FF83D760690D866671D9FC593B1CEB42536CCC3F83F871F7F25DE3839444A04F129DCB199FE9C160
          Malicious:false
          Reputation:unknown
          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><root><version>1</version><Count>12</Count><Resource><Id>Aptos_26215680</Id><LAT>2024-11-25T16:53:52Z</LAT><key>29939506207.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos_45876480</Id><LAT>2023-10-06T09:25:29Z</LAT><key>27160079615.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_26215424</Id><LAT>2023-10-06T09:25:29Z</LAT><key>31558910439.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215680</Id><LAT>2023-10-06T09:25:29Z</LAT><key>23001069669.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_45876224</Id><LAT>2023-10-06T09:25:29Z</LAT><key>24153076628.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_45876480</Id><LAT>2023-10-06T09:25:29Z</LAT><key>30264859306.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos_
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:ASCII text, with very long lines (65536), with no line terminators
          Category:dropped
          Size (bytes):322260
          Entropy (8bit):4.000299760592446
          Encrypted:false
          SSDEEP:
          MD5:CC90D669144261B198DEAD45AA266572
          SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
          SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
          SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:ASCII text, with no line terminators
          Category:modified
          Size (bytes):10
          Entropy (8bit):2.4464393446710155
          Encrypted:false
          SSDEEP:
          MD5:4EDF98C3DD35DCBB04F9D122956236B3
          SHA1:5EF80A62D413482079C12C4F054C928866D5CB22
          SHA-256:126AACA823D150299AC2818A20C176023942AF57E9FF87A6273571F24414D5C0
          SHA-512:09B292087A4367817C595E45D9E2CB612219B505A6A935E9AB5ED667697C07438BF50F645D4100A2E89DA0BD54248DF4690489B02AA35AFCE13DA360EF0A8DF6
          Malicious:false
          Reputation:unknown
          Preview:1732553636
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):181859
          Entropy (8bit):5.295311126093342
          Encrypted:false
          SSDEEP:
          MD5:7FDCEE7A46A80CD3C9E8B2E6F89BE44F
          SHA1:2088488DE4A8BE38FDD112D25DDF18B5C5F29C93
          SHA-256:79F753F2DB05C2DF1A6BA5A0A02B2D1316E3ADB5EC5C287679192B6E173EAF73
          SHA-512:A118DFBDFF4D9086B62181D101C10A62CB7D270FF6EBDD940DDC4EB7A8DC05C6297A6A4A9270A981F088DC5F6640467852605196772753F7653EC63D128B6D1D
          Malicious:false
          Reputation:unknown
          Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-11-25T16:53:51">.. Build: 16.0.18312.40138-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):32768
          Entropy (8bit):0.04595739460260245
          Encrypted:false
          SSDEEP:
          MD5:592962908F9B19D2F30AE53FD9DD660E
          SHA1:AE2C7BF90CDCAE179B8BE1124DC9B235FEF48F71
          SHA-256:E523FED6177517DC4BCCB22BD2AE94B71145667ED422EC9FD679B4BEEEA81EA3
          SHA-512:B208890874DC6616C32DABB055114C42A5116AF3A1C1B581A74FF218F9AC2687AE37AAFA4F8C13E828C94327C767DDC7F130292488340D9ABAF2459D11A9C71D
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:SQLite Write-Ahead Log, version 3007000
          Category:dropped
          Size (bytes):49472
          Entropy (8bit):0.4844884508473805
          Encrypted:false
          SSDEEP:
          MD5:EF641B56D5E3415F991FB5B6F0BB22E8
          SHA1:F76FDB9493E37EEEC6C8D4B17C40CC8C1876A21F
          SHA-256:8746E0E620BF210BE83A71E26327F1CEDCF2C7CB523D43B945EC17117DFD9DFA
          SHA-512:BB41A7CAC1F7DFAAD5B22762EA08762A38FE96C6AF2E7D9CFCA8A16BAF0CCF62C5F43A3E6CC6CB84A6057C0E47F798233C3CD142C381A1F08FEACFF8DC7D8DFE
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:PNG image data, 1090 x 710, 8-bit/color RGBA, non-interlaced
          Category:dropped
          Size (bytes):197542
          Entropy (8bit):7.958774126629035
          Encrypted:false
          SSDEEP:
          MD5:546FE17AC33985D750FC1D59777B50FA
          SHA1:3F34A4934357ED41AAB6DD11BE159F2878D163F8
          SHA-256:19716248F8DCE58B34CE75DBC37F12BBFF9A6644E9EFFCBFAFA28C47D647D81E
          SHA-512:58EDFF888109DAAD85F9E964B3CE817CF72FAE60E84344C167C05E8D3ADBC53FFAEB685FDCB5C2808B7B4BEC8E4AFF85FDF3A6288143587F0A4F1C7BAAD7E71E
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):1604
          Entropy (8bit):0.8148093047564656
          Encrypted:false
          SSDEEP:
          MD5:E8FAD605261D7A7EEE27739F7E8DE6AA
          SHA1:E4F3323EECAF9A476C97B7FC529FBE9DFAC3D053
          SHA-256:263934F22647B7A0FB1F943B71A729FB8D84D8DF50DA8EEBC130768F737B08C2
          SHA-512:6AAF672BC2D7097310FF7863C904DB1202A664D793E8B003482876B46828F10A00A153DC8A25636BB0A2050615E92D61ADEEE95176D7B74E352A47EE60E4331C
          Malicious:false
          Reputation:unknown
          Preview:HYPERLINK "https://api.triofox.ai/docviewer/Viewer/DocViewer?s=EiqPSIQ4Z4Br1RBO"
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:ASCII text, with very long lines (28760), with CRLF line terminators
          Category:dropped
          Size (bytes):20971520
          Entropy (8bit):0.1783043594436934
          Encrypted:false
          SSDEEP:
          MD5:BA5DA06C6BE4A4173A1FA2875A3C14F7
          SHA1:79F0E2E231BA9DDDC6B00CAB04843DD67AE9A70C
          SHA-256:09A11D45A989C3810E982872F199B81C1055068187C6729D5B2DE7BCF3D5E466
          SHA-512:2E1E9DB36256A8F42F5D3005FFD38CC871BC5CB85D27A4F2F07BF193867C7356EB66CA09DC3A33D557D9A0CB5294F5E2B14ED692150290484E20CE891F0F629E
          Malicious:false
          Reputation:unknown
          Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..11/25/2024 16:53:49.003.OUTLOOK (0x1B94).0x1B98.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":22,"Time":"2024-11-25T16:53:49.003Z","Contract":"Office.System.Activity","Activity.CV":"XLBl8RFGZU2CHS5wDVVHhQ.4.9","Activity.Duration":12,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...11/25/2024 16:53:49.035.OUTLOOK (0x1B94).0x1B98.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":24,"Time":"2024-11-25T16:53:49.035Z","Contract":"Office.System.Activity","Activity.CV":"XLBl8RFGZU2CHS5wDVVHhQ.4.10","Activity.Duration":13582,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorV
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):20971520
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
          SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
          SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
          SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:modified
          Size (bytes):86016
          Entropy (8bit):4.464980720561922
          Encrypted:false
          SSDEEP:
          MD5:FADD85676B5D529875B7C26E66844E5B
          SHA1:11EC20274CBAF3862B21B84A9D250B64BA7D78C7
          SHA-256:6CEF7DAA3389CF4EE7A728FCF261437EF15E34ABAC320517063A34F14CA912E7
          SHA-512:3484CFC6726C90751A63C86FBE1F365356AB1535963F0B6CB2D8AA980B99E0AC781755FF5C561C715A75310B0D36E05C0E91C354D2A92A8C454E15CA6BF1F09E
          Malicious:false
          Reputation:unknown
          Preview:............................................................................`.............3.Z?..................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1................................................................Y............3.Z?..........v.2._.O.U.T.L.O.O.K.:.1.b.9.4.:.1.1.7.5.d.6.c.d.d.1.2.b.4.3.d.7.b.c.c.e.b.8.e.3.9.0.e.8.1.3.a.1...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.1.2.5.T.1.1.5.3.4.8.0.7.4.8.-.7.0.6.0...e.t.l.......P.P...........3.Z?..........................................................................................................................................................................................................................................................................................................
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):163840
          Entropy (8bit):0.40805814413545893
          Encrypted:false
          SSDEEP:
          MD5:E0E703252A526F49C269B3692D33960E
          SHA1:ED69CAAC4A4F0B927745B41B66D52CB38C3392A8
          SHA-256:6C3F15A73B7D58CDA7E0CDE887C338039867C85BF938768883C214C5722EBD3D
          SHA-512:1D7F18D9E92A581BC60D819D6F6DAE4DA3683E7C0349002F09B9D172D36D25FA0B22D771EEE81C62B3B3522FFBE3C4E4C14FF500D62C95C9F78D11765A5D0D32
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):30
          Entropy (8bit):1.2389205950315936
          Encrypted:false
          SSDEEP:
          MD5:C18E78FDFA75EAFD5505D40B327F4B3D
          SHA1:BFFD9E191757AE074C70ABF5CDEB2C41A6BF75C5
          SHA-256:0FB09710B02212B4EF5C0164819A5AFD31229DE0FC113B110998DCE2C0321855
          SHA-512:A86759E427A8878B58B560461AA6FE6935E74BF40EEBC272913B68C681578CC3F6AEE999428C208B6F7DE0097BF3B836F7765CB811E278D07A81B0F536636621
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
          Category:dropped
          Size (bytes):14
          Entropy (8bit):2.699513850319966
          Encrypted:false
          SSDEEP:
          MD5:C5A12EA2F9C2D2A79155C1BC161C350C
          SHA1:75004B4B6C6C4EE37BE7C3FD7EE4AF4A531A1B1A
          SHA-256:61EC0DAA23CBC92167446DADEFB919D86E592A31EBBD0AB56E64148EBF82152D
          SHA-512:B3D5AF7C4A9CB09D27F0522671503654D06891740C36D3089BB5CB21E46AB235B0FA3DC2585A383B9F89F5C6DAE78F49F72B0AD58E6862DE39F440C4D6FF460B
          Malicious:false
          Reputation:unknown
          Preview:..c.a.l.i.....
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 15:54:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2673
          Entropy (8bit):3.989392198509121
          Encrypted:false
          SSDEEP:
          MD5:6E32A9E1E6BEFC7C45D8FDFD1D87F41F
          SHA1:4A11AFC0742F40FD2A4B1AD89F3C12BC308BEA1F
          SHA-256:58A5A90FC6AC9CA5923417CA54A67FD107C48C01AFDCAFD7975C5F634A848EE0
          SHA-512:060A84AF47393E9AEE1211E3ADD5386AA76E9E629B0DF500526B3B7C04DB38470FBF8062704CC1342E4CA23BDD1D2A1AE51FC1AF25277622C5203CD932D9333B
          Malicious:false
          Reputation:unknown
          Preview:L..................F.@.. ...$+.,....(...Z?..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IyY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VyY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VyY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VyY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VyY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............g.Z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 15:54:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2675
          Entropy (8bit):4.003730198121544
          Encrypted:false
          SSDEEP:
          MD5:C145F650E273D0F8C4C6B0BB3DF08F34
          SHA1:A3DEF13D58DEA8FF10B693BB368036910E5F7346
          SHA-256:AE2F98CF488F4F6360F76EC93DABE097FA8D156DDE335BC79EBB872206EB4BED
          SHA-512:614D7E82BD5DB503026D21AEFBBE93986ADF041FF266199EFAAEA3E5A780089D3CC6398AAD314A4AAE2F46D2B24241AAB08F0BCC8E8852795DB1DC75DDAC0F4B
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2689
          Entropy (8bit):4.012691263547087
          Encrypted:false
          SSDEEP:
          MD5:15794BBF9151EE90F0B28AFF8064CB0F
          SHA1:81A65AD4C982E02A613E95EFE985CDF2A96C047D
          SHA-256:471CB30D16252283E82AD44B69CA9133CD5EEA60B724D96190D0B89FF6A7D239
          SHA-512:46A042B42EEF8D8E57E0A30DDB3721EDE9FEAF876E5AD2BC09D23CA9CF9DE35CFD0EC465AABE2712D32AEAA4C06199877269D91221E2DC5B15D6A5EEDE29A225
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 15:54:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2677
          Entropy (8bit):4.005502427639574
          Encrypted:false
          SSDEEP:
          MD5:EB7B6E02CCE17ED3C9EA046B4A49D380
          SHA1:BD0CB6888C1510D0575B198A0A6EDB5F432A837A
          SHA-256:74F00494D98335EC27732B3FCFB9D6B030F37F67C47D478C6128F702F892ABD1
          SHA-512:5A1791C9A1AE651980EBF63627BAA1C11CF626D3921A598130988029F5060AE3F15F55B8593085DD5B2EAED7E4E0F598AAF88EFC1817417FDD7064FB137F2AE4
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 15:54:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2677
          Entropy (8bit):3.991197144227809
          Encrypted:false
          SSDEEP:
          MD5:8CA640BD8C24604270BCC060EE872AF8
          SHA1:5C628BDDD475E1BCE65FD883FA7444C101855905
          SHA-256:B4A58607E0197AA8609C5DC9F33463FAB2D8561463CEF72920372AF1E2F6BB0F
          SHA-512:0C083F17CCFA993AB15B65F11EAE7DE112B9348DA1876EDF78AC7C949BE936A6DDEF5B16D96105BB88064838A406CB954AFB2A4F128AD52288CBFD2D79D66D0E
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 15:54:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2679
          Entropy (8bit):4.002778583535609
          Encrypted:false
          SSDEEP:
          MD5:EA2FB393CD8A610574EEBAD01B40CDA4
          SHA1:9BD4B9E15E5E35E194B46A1378CCEA5D07328EB3
          SHA-256:12FC72BB091700158E6085BF10287F770E6190740050088F80BECBE3614D7655
          SHA-512:985E9A3556528E1DE9BC63599B2FDAB636F7F50C7B3FD4A98E23336556A209D9DC304867E6E6947E528C14019DC1F3DC7652EFD2955099BEEAF9004D21422F93
          Malicious:false
          Reputation:unknown
          Preview:L..................F.@.. ...$+.,.......Z?..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IyY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VyY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VyY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VyY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VyY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............g.Z.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:Microsoft Outlook email folder (>=2003)
          Category:dropped
          Size (bytes):271360
          Entropy (8bit):1.3332541240085132
          Encrypted:false
          SSDEEP:
          MD5:5591CD33C8A8441EF984D00B3CCCA034
          SHA1:052E0ACA4ACE9DE07837CF8ECC1480CD54EF96F4
          SHA-256:79DB7BD544E66F82D633ED240E9F5FAC7DF70E37329CF49D792F57209C71BF54
          SHA-512:BEE2A50B314C066346C77247327C3FD72027944F669D04252ED6BE76B385E34D3538BE48BB82AD31C2C5B6EA01136C17F0C5620CBC2A25DDAE120EB3DCCFF491
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):131072
          Entropy (8bit):1.1328307903465746
          Encrypted:false
          SSDEEP:
          MD5:D1ACEB599C1F2A16852D2A423CDC50F7
          SHA1:139D0444B2A3688BFF49949E8D5E21303DDF8499
          SHA-256:52870D49935B040DF7BAC9C1D2C49B1AA6EC025B36BEF89AE1C3BC857DFC2B53
          SHA-512:50EA6C3139F777DDBB94AAB8AACD6113FCF16F8D731DD0DC8CBA8BB8D84DCE496C5193C93B71B72830FEA9FFF0A5157367916234427D8853299832770AA4AE79
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with very long lines (65450), with CRLF line terminators
          Category:downloaded
          Size (bytes):89478
          Entropy (8bit):5.2899182577550565
          Encrypted:false
          SSDEEP:
          MD5:B61AA6E2D68D21B3546B5B418BF0E9C3
          SHA1:9C1398F0DE4C869DACB1C9AB1A8CC327F5421FF7
          SHA-256:F36844906AD2309877AAE3121B87FB15B9E09803CB4C333ADC7E1E35AC92E14B
          SHA-512:5882735D9A0239C5C63C5C87B81618E3C8DC09D7D743C3444C535B9547B9B65DEFA509D7804552C581CB84B61DD1225E2ADD5DCA6B120868EC201FA979504F4B
          Malicious:false
          Reputation:unknown
          URL:https://api.triofox.ai/docviewer/lib/jquery/dist/jquery.min.js
          Preview:/*! jQuery v3.5.1 | (c) JS Foundation and other contributors | jquery.org/license */..!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with very long lines (65319), with CRLF line terminators
          Category:downloaded
          Size (bytes):155764
          Entropy (8bit):5.066642470765085
          Encrypted:false
          SSDEEP:
          MD5:8FE70898895271DDC62823321011273A
          SHA1:60F0159744E3B554A45DA027F9E7FAA992AED71A
          SHA-256:AE576713BC196098F7438DEDE6FF1F835A23291C32B745AD7E6FB6DB809A719B
          SHA-512:A37D9F7728554BB6C241D68303E0F09BD427F061A681CF61BDDDF1DDA40A0C77C10E3E0BF8E58F1D31C1AF14DF7E5941C26EE53B065E35454EA8CDFFB47392EE
          Malicious:false
          Reputation:unknown
          URL:https://api.triofox.ai/docviewer/lib/bootstrap/dist/css/bootstrap.min.css
          Preview:/*!.. * Bootstrap v4.3.1 (https://getbootstrap.com/).. * Copyright 2011-2019 The Bootstrap Authors.. * Copyright 2011-2019 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. */:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Noto Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,::after,::before{box-si
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:HTML document, ASCII text, with CRLF line terminators
          Category:downloaded
          Size (bytes):1493
          Entropy (8bit):5.013212133191296
          Encrypted:false
          SSDEEP:
          MD5:795F17DCB1B0CE77F420CA07353E09D1
          SHA1:F92AE792DF16FE0BC8A35A81A84457FBE9E95471
          SHA-256:F3B99FE615D23CFF64C18FD50BF7E835C8C30F5DC3A95F31732BBB42A7F15035
          SHA-512:27FDC0E8E5779573752506FC87F7D70F38A1CFAA7204C5059191B361717D29A0FD9DB7846E711F817CEDB935C65050EDAEDB1964B183C9409F6D34F546C59FBC
          Malicious:false
          Reputation:unknown
          URL:https://api.triofox.ai/docviewer/Viewer/DocViewer?s=EiqPSIQ4Z4Br1RBO
          Preview:<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="utf-8" />.. <meta name="viewport" content="width=device-width, initial-scale=1.0" />.. <title>Error - DocViewer</title>.. <link rel="stylesheet" href="/docviewer/lib/bootstrap/dist/css/bootstrap.min.css" />.. <link rel="stylesheet" href="/docviewer/css/site.css" />..</head>..<body>.. .. .. .. ..<h1 class="text-danger">Error.</h1>..<h2 class="text-danger">An error occurred while processing your request.</h2>.... <p>.. <strong>Request ID:</strong> <code>|20a01462-4ff9e4517b3d5d6b.</code>.. </p>....<h3>Development Mode</h3>..<p>.. Swapping to the <strong>Development</strong> environment displays detailed information about the error that occurred...</p>..<p>.. <strong>The Development environment shouldn't be enabled for deployed applications.</strong>.. It can result in displaying sensitive information from exceptions to end users... For local debugging, enable the <st
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with very long lines (65292), with CRLF line terminators
          Category:dropped
          Size (bytes):78641
          Entropy (8bit):5.2646136588317844
          Encrypted:false
          SSDEEP:
          MD5:B41FE9374205BD087A4D4F0AB5A195BE
          SHA1:FF398162CF8CBDBAA30110512524ECCE2CA040BE
          SHA-256:5D97E438677A16E845F3C8791A0126448A576E6FA1064168EF8C980CF639ADBC
          SHA-512:5EA6FB309C0D1B03F13AFE2BDA21BDECFFF3F7A43F0A3AAF5172D0BD978DFED41C9EDE4C8A3440EC1C654D13CFB6BE230180602DC49338450BB7D2A9A1226C86
          Malicious:false
          Reputation:unknown
          Preview:/*!.. * Bootstrap v4.3.1 (https://getbootstrap.com/).. * Copyright 2011-2019 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors).. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. */..!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery")):"function"==typeof define&&define.amd?define(["exports","jquery"],e):e((t=t||self).bootstrap={},t.jQuery)}(this,function(t,p){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function l(o){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{},e=Object.keys(r);"function"==typeof Object.getOwnPropertySymbols&&(e=e.concat(Object.getOwnPropertySymbols(r).filter(function(t){return Object.getOwnPropertyDescriptor(r,t).enumerable}))),e.forEach(function
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:downloaded
          Size (bytes):1637
          Entropy (8bit):4.944732786437499
          Encrypted:false
          SSDEEP:
          MD5:D5FC49AC7DF55D53B669C8158CAD04DB
          SHA1:8DA7E80905F72E95FD6F5E82935DB99106E9B6FD
          SHA-256:5243FBD63067917AA748E837D97C1897354DADA7FD3B53AD34056529DD26C024
          SHA-512:4F40316EF2485B5F74CF3960FA281403EAFB247432135B47CF51D7AEAF8E273813BAF343359753D0A4C133B556E246E5BA57E471F4FD57B07BAE6D2FAA03F601
          Malicious:false
          Reputation:unknown
          URL:https://api.triofox.ai/docviewer/css/site.css
          Preview:./* Please see documentation at https://docs.microsoft.com/aspnet/core/client-side/bundling-and-minification..for details on configuring this project to bundle and minify static web assets. */....a.navbar-brand {.. white-space: normal;.. text-align: center;.. word-break: break-all;..}..../* Provide sufficient contrast against white background */..a {.. color: #0366d6;..}.....btn-primary {.. color: #fff;.. background-color: #1b6ec2;.. border-color: #1861ac;..}.....nav-pills .nav-link.active, .nav-pills .show > .nav-link {.. color: #fff;.. background-color: #1b6ec2;.. border-color: #1861ac;..}..../* Sticky footer styles..-------------------------------------------------- */..html {.. font-size: 14px;..}..@media (min-width: 768px) {.. html {.. font-size: 16px;.. }..}.....border-top {.. border-top: 1px solid #e5e5e5;..}...border-bottom {.. border-bottom: 1px solid #e5e5e5;..}.....box-shadow {.. box-shadow: 0 .25rem .75rem rgba(0, 0, 0, .05);..}....button.accept-policy
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:downloaded
          Size (bytes):230
          Entropy (8bit):4.536682738413132
          Encrypted:false
          SSDEEP:
          MD5:DC0EDA3CD0141331EC73B748BF9B9FF5
          SHA1:D90317C037B67DFA07C327603F113F7E28B6486E
          SHA-256:74B18FE344BBF579F1E86A94B61445E8D5AF8EF850D673AF7554B068D7201B5F
          SHA-512:FDAB26B4E480EC603D94F3707199CB4913B91E1B87DF380107E77B9B8D3927D96FD608B0EB965A68B33687C2BB225A94A0300446B680B3014345DD94153328CD
          Malicious:false
          Reputation:unknown
          URL:https://api.triofox.ai/docviewer/js/site.js?v=dLGP40S79Xnx6GqUthRF6NWvjvhQ1nOvdVSwaNcgG18
          Preview:.// Please see documentation at https://docs.microsoft.com/aspnet/core/client-side/bundling-and-minification..// for details on configuring this project to bundle and minify static web assets.....// Write your Javascript code...
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
          Category:downloaded
          Size (bytes):249886
          Entropy (8bit):2.6881136609756053
          Encrypted:false
          SSDEEP:
          MD5:9820664F9A4DE301F12186630A05A221
          SHA1:BE1DA0EF009CD4E11708F920CFB4637EF9308FB1
          SHA-256:56B73919AE9F8D29D0DABFE5ADA5E66DFA506ACE78251DF233872AFB6BAAE250
          SHA-512:8CACD8B7D3570287C41A83EBB5A6B703E89316F6B5BB406C058167CE68F2812CF3B947E22791FDCD14D72056BBE1DFD850AF450EFCDAA9F00F8DDF69E363EBDB
          Malicious:false
          Reputation:unknown
          URL:https://api.triofox.ai/favicon.ico
          File type:CDFV2 Microsoft Outlook Message
          Entropy (8bit):7.5977695878960105
          TrID:
          • Outlook Message (71009/1) 58.92%
          • Outlook Form Template (41509/1) 34.44%
          • Generic OLE2 / Multistream Compound File (8008/1) 6.64%
          File name:Encrypt DOC2024.11.19.1983928 shared with you! (203 KB).msg
          File size:237'056 bytes
          MD5:fa8698f983a3611ab59efd6fab564eca
          SHA1:ba3e4e25f5a9c2611230298e4e7162f6c22e768d
          SHA256:6e0eb1ea8b3de0d8cafd6d93f460b4b8d54710703da3c76568e97d28e85dc399
          SHA512:19d9bdd6c37806773ef248214ba49c7566e9d0799fe11bd71fb64d7fb4d6eb79391621c62e18d41febd2b8c28f26dd71cf82ffbe00c9b92a30bf316ffddf4e38
          SSDEEP:3072:KiHl7cw4rjvUozVpY/rd8vInMXCO9dyUZDwlYrdi8hTdkxzUeO1THcfJy:/l7cfckpumtoUbhTdkvO1ofJy
          TLSH:0F34BF0235D52123F2B68F3618D68883676F7DB29C00DFAF3795B35E0932581DD67A2A
          Subject:Encrypt *DOC2024.11.19.1983928* shared with you!
          From:"Shawn A. Cleaver" <cleavsha@ycs.k12.pa.us>
          To:"Shawn A. Cleaver" <cleavsha@ycs.k12.pa.us>
          Cc:"Shawn A. Cleaver" <cleavsha@ycs.k12.pa.us>
          BCC:"Shawn A. Cleaver" <cleavsha@ycs.k12.pa.us>
          Date:Tue, 19 Nov 2024 20:39:02 +0100
          Communications:
          • <https://api.triofox.ai/docviewer/Viewer/DocViewer?s=EiqPSIQ4Z4Br1RBO>
          Attachments:
          • image001.png
          Key Value
          Received:from CH3PR19MB8126.namprd19.prod.outlook.com
          1939:02 +0000
          by SA3PR19MB7796.namprd19.prod.outlook.com (260310b6:806:2fb::16) with
          2024 1939:02 +0000
          ([fe80:a69f:ac93:7d8e:9772%4]) with mapi id 15.20.8158.021; Tue, 19 Nov 2024
          From:"Shawn A. Cleaver" <cleavsha@ycs.k12.pa.us>
          To:"Shawn A. Cleaver" <cleavsha@ycs.k12.pa.us>
          CC:"Shawn A. Cleaver" <cleavsha@ycs.k12.pa.us>
          Subject:Encrypt *DOC2024.11.19.1983928* shared with you!
          Thread-Topic:Encrypt *DOC2024.11.19.1983928* shared with you!
          Thread-Index:Ads6ukEre3C8l0FKTkaoziGDGfsAhA==
          Date:Tue, 19 Nov 2024 19:39:02 +0000
          Message-ID:<CH3PR19MB8126B19FCE1BBF00897F6F0BC5202@CH3PR19MB8126.namprd19.prod.outlook.com>
          Accept-Language:en-US
          Content-Language:en-US
          X-MS-Exchange-Organization-AuthMechanism:04
          X-MS-Exchange-Organization-AuthSource:CH3PR19MB8126.namprd19.prod.outlook.com
          X-MS-Has-Attach:yes
          X-MS-Exchange-Organization-Network-Message-Id:58504061-c315-409e-c40c-08dd08d1d253
          X-MS-Exchange-Organization-SCL:1
          X-MS-TNEF-Correlator:X-MS-Exchange-Organization-RecordReviewCfmType: 0
          x-ms-exchange-organization-originalclientipaddress:38.69.8.55
          x-ms-exchange-organization-originalserveripaddress:2603:10b6:610:17e::13
          x-ms-publictraffictype:Email
          authentication-results:dkim=none (message not signed)
          x-ms-office365-filtering-correlation-id:58504061-c315-409e-c40c-08dd08d1d253
          x-ms-traffictypediagnostic:CH3PR19MB8126:EE_|SA3PR19MB7796:EE_|CH3PR19MB8126:EE_
          x-ms-exchange-transport-crosstenantheadersstamped:SA3PR19MB7796
          x-forefront-antispam-report:CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CH3PR19MB8126.namprd19.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(4073399012)(366016)(8096899003)(41050700001);DIR:INT;
          x-microsoft-antispam:BCL:0;ARA:13230040|4073399012|366016|8096899003|41050700001;
          x-ms-exchange-crosstenant-originalarrivaltime:19 Nov 2024 19:39:02.6306 (UTC)
          x-ms-exchange-crosstenant-network-message-id:58504061-c315-409e-c40c-08dd08d1d253
          x-ms-exchange-crosstenant-id:44a4c774-170a-4ad7-8c88-456f93770ddb
          x-ms-exchange-crosstenant-fromentityheader:Hosted
          x-ms-exchange-crosstenant-mailboxtype:HOSTED
          x-ms-exchange-crosstenant-userprincipalname:Gi9sGyZDDjSAPOhGHU5sCXkHFMDFtS1ayhROHwRGubwaDxwAqWSxof9+QGUxlrNE+U9SDFNMBsdLwmyQYxyg6Q==
          x-ms-exchange-crosstenant-authas:Internal
          x-ms-exchange-crosstenant-authsource:CH3PR19MB8126.namprd19.prod.outlook.com
          x-ms-exchange-transport-endtoendlatency:00:00:06.8544245
          x-ms-exchange-processed-by-bccfoldering:15.20.8158.013
          x-ms-exchange-atpmessageproperties:SA
          X-Microsoft-Antispam-Mailbox-Delivery:ucf:1;jmr:0;auth:0;dest:C;OFR:CustomRules;ENG:(910001)(944506478)(944626604)(920097)(425001)(930097)(140003);
          Content-Type:multipart/related;
          MIME-Version:1.0
          date:Tue, 19 Nov 2024 20:39:02 +0100

          Icon Hash:c4e1928eacb280a2