Windows Analysis Report
OriginalMessage.txt.msg

Overview

General Information

Sample name: OriginalMessage.txt.msg
Analysis ID: 1428442
MD5: 94d365363d19d0b415304f5fae2ec727
SHA1: eb8439bdaaeb67c95e86a4ed0c0a467ec8645933
SHA256: e88ee09c7fd0d5646d60b6bd7c2625d4b43badd76fd56e3e6fe9915d5219e0b8
Infos:

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Signatures

HTML page contains hidden URLs or javascript code
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory
Stores large binary data to the registry

Classification

Analysis Advice

Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 7088 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\OriginalMessage.txt.msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6284 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "E9A1D98E-DC57-4567-9D69-41B4853A430C" "9CBD7CE2-F746-4A33-8386-CCE0B68AD012" "7088" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 6616 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nftstorage.link/ipfs/bafkreihmtitp2zhfxzglulfp5g4krdsybgqwu3k3p3dmtf72lviomgrqsu?login=ap@ddcaz.com MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 6796 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2000,i,13079071517851683756,13560125053124318492,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7088, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Snort rule has matched

There are no malicious signatures.

Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/pgcwv/0x4AAAAAAAUZDvNEXYqNiWys/auto/normal; HTTP Parser: Base64 decoded: http://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/pgcwv/0x4AAAAAAAUZDvNEXYqNiWys/auto/normal
Source: http://vosmuta.click/control_dotcom/?login=ap@ddcaz.com&page=null&request_type=null&page_bg=null&no_redrct=null&pcnt=null&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=null; HTTP Parser: No favicon
Source: https://defendguard.top/_mysterio_omni/?login=ap@ddcaz.com&page=null&request_type=null&page_bg=null&no_redrct=null&pcnt=null&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=null; HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/pgcwv/0x4AAAAAAAUZDvNEXYqNiWys/auto/normal; HTTP Parser: No favicon
Source: https://defendguard.top/_mysterio_omni/zure/7d9a0d11cb36e12a68817aff945390de/index.php?login=YXBAZGRjYXouY29t&request_type=null&page_bg=null&no_redrct=null&pcnt=null&no_psplash=null&pmax=null; HTTP Parser: No favicon
Source: unknown; HTTPS traffic detected: 40.126.29.8:443 -> 192.168.2.16:49704 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49757 version: TLS 1.2
Source: unknown; TCP traffic detected without corresponding DNS query: 40.126.29.8
Source: unknown; TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown; TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: global traffic; HTTP traffic detected:
  GET /control_dotcom/?login=ap@ddcaz.com&page=null&request_type=null&page_bg=null&no_redrct=null&pcnt=null&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=null HTTP/1.1
  Host: vosmuta.click
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: vosmuta.click
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Referer: http://vosmuta.click/control_dotcom/?login=ap@ddcaz.com&page=null&request_type=null&page_bg=null&no_redrct=null&pcnt=null&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=null
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: unknown; DNS traffic detected: queries for: nftstorage.link
Source: global traffic; HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Date: Thu, 18 Apr 2024 21:43:38 GMT
  Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.30
  Content-Length: 300
  Keep-Alive: timeout=5, max=99
  Connection: Keep-Alive
  Content-Type: text/html; charset=iso-8859-1
  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.30 Server at vosmuta.click Port 80</address></body></html>
Source: classification engine; Classification label: clean2.winMSG@21/37@34/243
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240418T2343230438-7088.etl
Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\OriginalMessage.txt.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "E9A1D98E-DC57-4567-9D69-41B4853A430C" "9CBD7CE2-F746-4A33-8386-CCE0B68AD012" "7088" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nftstorage.link/ipfs/bafkreihmtitp2zhfxzglulfp5g4krdsybgqwu3k3p3dmtf72lviomgrqsu?login=ap@ddcaz.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2000,i,13079071517851683756,13560125053124318492,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Window found: window name: SysTabControl32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 Registry Run Keys / Startup Folder | 1 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
wakandos.top | 104.21.17.82 | true | false | | unknown
defendguard.top | 104.21.25.137 | true | false | | unknown
a.nel.cloudflare.com | 35.190.80.1 | true | false | | high
ddcaz.com | 13.248.177.245 | true | false | | high
bafkreihmtitp2zhfxzglulfp5g4krdsybgqwu3k3p3dmtf72lviomgrqsu.ipfs.nftstorage.link | 104.18.41.40 | true | false | | unknown
vosmuta.click | 3.105.85.247 | true | false | | unknown
www3.l.google.com | 74.125.136.100 | true | false | | high
nftstorage.link | 172.64.146.216 | true | false | | unknown
cdnjs.cloudflare.com | 104.17.25.14 | true | false | | high
challenges.cloudflare.com | 104.17.2.184 | true | false | | high
www.google.com | 64.233.185.99 | true | false | | high
ddcaz-web-1204888116.us-east-1.elb.amazonaws.com | 44.212.141.147 | true | false | | high
www.ddcaz.com | unknown | unknown | false | | high
translate.google.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://defendguard.top/_mysterio_omni/?login=ap@ddcaz.com&page=null&request_type=null&page_bg=null&no_redrct=null&pcnt=null&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=null | false | | unknown
https://defendguard.top/_mysterio_omni/zure/7d9a0d11cb36e12a68817aff945390de/index.php?login=YXBAZGRjYXouY29t&request_type=null&page_bg=null&no_redrct=null&pcnt=null&no_psplash=null&pmax=null | false | | unknown
http://vosmuta.click/favicon.ico | false | | unknown
about:blank | false | | low
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/pgcwv/0x4AAAAAAAUZDvNEXYqNiWys/auto/normal | false | | high
http://vosmuta.click/control_dotcom/?login=ap@ddcaz.com&page=null&request_type=null&page_bg=null&no_redrct=null&pcnt=null&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=null | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
72.21.81.240 | unknown | United States | 15133 | EDGECASTUS | false
20.189.173.9 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
74.125.138.139 | unknown | United States | 15169 | GOOGLEUS | false
172.64.146.216 | nftstorage.link | United States | 13335 | CLOUDFLARENETUS | false
52.109.16.112 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
104.84.231.105 | unknown | United States | 16625 | AKAMAI-ASUS | false
64.233.185.84 | unknown | United States | 15169 | GOOGLEUS | false
35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false
104.21.17.82 | wakandos.top | United States | 13335 | CLOUDFLARENETUS | false
104.18.41.40 | bafkreihmtitp2zhfxzglulfp5g4krdsybgqwu3k3p3dmtf72lviomgrqsu.ipfs.nftstorage.link | United States | 13335 | CLOUDFLARENETUS | false
142.251.15.147 | unknown | United States | 15169 | GOOGLEUS | false
74.125.138.94 | unknown | United States | 15169 | GOOGLEUS | false
52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
142.250.105.94 | unknown | United States | 15169 | GOOGLEUS | false
172.253.124.99 | unknown | United States | 15169 | GOOGLEUS | false
142.250.105.95 | unknown | United States | 15169 | GOOGLEUS | false
142.250.105.104 | unknown | United States | 15169 | GOOGLEUS | false
104.21.25.137 | defendguard.top | United States | 13335 | CLOUDFLARENETUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
108.177.122.101 | unknown | United States | 15169 | GOOGLEUS | false
52.109.44.110 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
64.233.185.95 | unknown | United States | 15169 | GOOGLEUS | false
3.105.85.247 | vosmuta.click | United States | 16509 | AMAZON-02US | false
104.17.2.184 | challenges.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
64.233.185.99 | www.google.com | United States | 15169 | GOOGLEUS | false
104.17.25.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
IP
192.168.2.17
192.168.2.16
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1428442
Start date and time: 2024-04-18 23:42:54 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 18
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Sample name: OriginalMessage.txt.msg
Detection: CLEAN
Classification: clean2.winMSG@21/37@34/243
Cookbook Comments:
                                          • Found application associated with file extension: .msg
                                          • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
                                          • Excluded IPs from analysis (whitelisted): 52.109.44.110, 52.109.16.112, 104.84.231.105, 104.84.231.106, 52.113.194.132, 72.21.81.240
                                          • Excluded domains from analysis (whitelisted): omex.cdn.office.net, osiprod-ncus-buff-azsc-000.northcentralus.cloudapp.azure.com, wu.azureedge.net, asia.configsvc1.live.com.akadns.net, ncus-azsc-000.roaming.officeapps.live.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, login.live.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, officeclient.microsoft.com, a1864.dscd.akamai.net, ecs.office.com, krc-azsc-config.officeapps.live.com, prod.configsvc1.live.com.akadns.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, wu-bg-shim.trafficmanager.net, us1.roaming1.live.com.akadns.net, s-0005.s-msedge.net, config.officeapps.live.com, ecs.office.trafficmanager.net, omex.cdn.office.net.akamaized.net
                                          • Not all processes were analyzed, report is missing behavior information
                                          • Report size getting too big, too many NtQueryAttributesFile calls found.
                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                          • VT rate limit hit for: OriginalMessage.txt.msg
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):338
                                          Entropy (8bit):3.45243740510683
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:86C22D9AFE69ED24094DE66E15229F88
                                          SHA1:D615C0CAD5012387B598BB3FEEB85F05DB14DE61
                                          SHA-256:3A0813EE624E8E2204789AC41206A4585B0D6B5A8F44271665CAD17366AEB76F
                                          SHA-512:40ADB028AE7ADE9FDEFCBD3BA49CD07AEDB7867A5B8A4E1C8484433397225099DB4F0AEC9464329712C5E53E8195938F340E9CF0FF21C7210C7897E71EFAE831
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:p...... ........C..r...(..................................................^SZ.. .........p.........$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".7.4.6.7.8.7.a.3.f.0.d.9.1.:.0."...
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):231348
                                          Entropy (8bit):4.387958180771815
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:B2F6E89412F5682E12BB7F8B0B2160FC
                                          SHA1:35EA5BF6AB614E78819C61647A7D6CDB18244C4A
                                          SHA-256:C3EB078A4F55DBD2B5480B58ACD16EB4CE8AD72C087378E6AE5EE675F06C53CF
                                          SHA-512:7DC5E9820CE99E1A6F47538749EC52D179638676C7863D91466ED2C40D3F9A8332B2A414BBC11E139A5E3E58A178FF5B669BB3C72A5A8CC6E574FD67B1F69B1E
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:TH02...... ....i.......SM01X...,....6si...........IPM.Activity...........h...............h............H..h..=.......sT...h............H..h\cal ...pDat...h.r..0...P.=....h{.F?...........h........_`.j...h7.F?@...I.lw...h....H...8..j...0....T...............d.........2h...............k..............!h.............. h;.......h.=...#h....8.........$h........8....."h..............'h..I...........1h{.F?<.........0h....4....j../h....h......jH..h.5..p.....=...-h .........=...+h.F?.....=................. ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000.GwwMicrosoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:ASCII text, with very long lines (65536), with no line terminators
                                          Category:dropped
                                          Size (bytes):322260
                                          Entropy (8bit):4.000299760592446
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:CC90D669144261B198DEAD45AA266572
                                          SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                                          SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                                          SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):10
                                          Entropy (8bit):2.4464393446710155
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:89CF3361AD8BEBBEEC2B9DAB20ED8E24
                                          SHA1:55F74BB0DFCC1127AD87A2729A0CA302EDF279FD
                                          SHA-256:6E5FDABFAB9D83EE2CEAC76289868A7AD1BE7BAA4071571C90F9E4A627F1BAE1
                                          SHA-512:46222107792AE8E7E15AADCD30FD3EE3A85C10288CEA50227478C6DC5B42B2C69664AECE57EF434556568396E8A46A5D33EA7BC5F08CA048B9D7B61A867AE311
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:1713476606
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):166203
                                          Entropy (8bit):5.340910626865216
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:6A1E426A416BABB080C031F121BA53E1
                                          SHA1:63582EADDF2B9CA7920737DB8B004B94D74C4AA2
                                          SHA-256:114DB4731D71E88833806AB874FF6CB4D6B64B37FCBA02F10E780C4E44DB753B
                                          SHA-512:EF333C536FA37D49B164308B900DAE9FBDEC73851E296E7048395D98769502B312E7AB07490087B18A0900E643C85D72B54FBFBEB329DF46DB50D135B3AC1018
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-04-18T21:43:25">.. Build: 16.0.17607.40127-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[MAX.ResourceId]" o:authorityUrl="[ADALAuth
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                                          Category:dropped
                                          Size (bytes):4096
                                          Entropy (8bit):0.09216609452072291
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:F138A66469C10D5761C6CBB36F2163C3
                                          SHA1:EEA136206474280549586923B7A4A3C6D5DB1E25
                                          SHA-256:C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
                                          SHA-512:9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:SQLite Rollback Journal
                                          Category:dropped
                                          Size (bytes):4616
                                          Entropy (8bit):0.13760166725504608
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:CC7CA52FF6CF4085AC7B7BB5E80F1850
                                          SHA1:7B9489EDD6032BA375AB6E109B7645E183E350C5
                                          SHA-256:AE786BB5AB6496882895077934E7E16794E5BB387099908EB349D8E173DB1105
                                          SHA-512:8951AFD42784242FD283D913F29C45825AEA8616921F319D78A252170BC1BFC224342442AD1252C768BBD4738F573223F504FC6CA97ACA16712371C422EBE83B
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):32768
                                          Entropy (8bit):0.0445382698033491
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:4B846CDF26AF4E36D437645B90AF0B44
                                          SHA1:76F33F1AD286688DE1BC56897A7E77703202192E
                                          SHA-256:F25883E2F5DA498E7CCAE7C2A7A7D15BE207E107841E83141B594FFCF0FCB193
                                          SHA-512:48E5972D47F1B9C26DAD2654B76F3FC779DFF95CDC169F04B819BDA82050F5A637CE5847B697B6C78BF31DAFD63010728C2E91D23AB9B8AF8F61E16E006602B7
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:SQLite Write-Ahead Log, version 3007000
                                          Category:modified
                                          Size (bytes):45352
                                          Entropy (8bit):0.3931791653396542
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:DFB2544C56835B7453F9262FF9B00CF2
                                          SHA1:C5BF917DCA9295D092826D04CA84A171534C6994
                                          SHA-256:BC38C30D4777F3E3CB6DBB16F128BD089C7A62A77E86EF9C990ED8FE33AF612A
                                          SHA-512:44735D58B1BC2AFEFF75CFE5A4E3356A880AC05BA7130E905EB164E01D72572E4B3EBBAA515A7B46DD25A20F5B40C2303DE51BFEEBB1361B67737DA6032A3492
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):1872
                                          Entropy (8bit):2.4900047351993844
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:97D219859F002CA982A60ABA3EE57D4D
                                          SHA1:AD08E3F48468A7A2CAE6D32ED17F710D198759F4
                                          SHA-256:618C214B8A243701B1C78CD68A5389802A54E01708E641DA29F8E1AA3D0DBEF4
                                          SHA-512:F7A3525C678D09D1BBA9DA56F8385CA4E30B29BB65A1206B453F3D452D9FF491423C9DBE88C7124403722EC0B759C89BA89D98B9F8E6560D41E138306CA791D0
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:Dear ap@ddcaz.com Did you request a password change? Click below to confirm with your new password or proceed with your initial password if you do not request for the password change
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:ASCII text, with very long lines (830), with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):20971520
                                          Entropy (8bit):0.005254751024262591
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:E549A54ED1DD3017F8E1520B8A15F74D
                                          SHA1:8E78CD365A85CD9B0A5AC4108082A5A9F4F53257
                                          SHA-256:FD7EEE044E8FFBCC3A225C283B4A68E568B241DFAC5294D3CC53D2CECADEE021
                                          SHA-512:FBB62706188298114DA1A2348A4AF1E8BD4D091AC12AB8DB73B414E4B7EACBB35B089CFCE3D560568FB94DC0004E139B643F80C90BC6CEA30E2D12665AA5DFE6
                                          Malicious:false
                                          Reputation:unknown
                                          Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..04/18/2024 21:43:23.662.OUTLOOK (0x1BB0).0x1BB4.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.System.GracefulExit.GracefulAppExitDesktop","Flags":33777014402039809,"InternalSequenceNumber":17,"Time":"2024-04-18T21:43:23.662Z","Data.PreviousAppMajor":16,"Data.PreviousAppMinor":0,"Data.PreviousAppBuild":16827,"Data.PreviousAppRevision":20130,"Data.PreviousSessionId":"1EB90939-1D3F-4460-8F5B-F9D559E0E012","Data.PreviousSessionInitTime":"2024-04-18T21:43:11.597Z","Data.PreviousSessionUninitTime":"2024-04-18T21:43:14.284Z","Data.SessionFlags":4,"Data.InstallMethod":0,"Data.OfficeUILang":1033,"Data.PreviousBuild":"Unknown","Data.EcsETag":"\"\"","Data.ProcessorArchitecture":"x64"}...04/18/2024 21:43:23.693.OUTLOOK (0x1BB0).0x1880.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.LoadXmlRules","Flags":33777014401990913,"InternalSequenceNumber":22,"Time":"
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):20971520
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                          SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                          SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                          SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:data
                                          Category:modified
                                          Size (bytes):114688
                                          Entropy (8bit):4.686214233928627
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:8E2DC7A288B42E99AD66DBBC284D1B62
                                          SHA1:CBBA0AE5ABEB9B20478967212795D776B473D82D
                                          SHA-256:3E8A1CE12CAD15919CA680A61F45793C1FE1C3D1CD4054BC24F60A4183818D8D
                                          SHA-512:79ED5910EB799C7E3ADD8B52CD8AB02FCB665A04E3D01B3BA99A2E13840898F3769F3D7E7539B66500B611778FCA785AFC27B357A6C5F6E5D0E89631D3F84512
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):163840
                                          Entropy (8bit):0.34391610100446307
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:F0BF57715ADEE04E98674E5843C5DB07
                                          SHA1:99C9761F23402C3FBF68252BAFDE19DAF19621EB
                                          SHA-256:2CC78C511FDE8EF42C7957469A2B112E1F9BF1F109904ED4099A82548A819AA3
                                          SHA-512:5B2799669621C22F9AAB409F1C25C796770FDE3A35C3B097F64F9B5345B598E9BAEA505D684DAA873B7DD090D194248F33AEF196D79B8712F966709243A5BCB3
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):30
                                          Entropy (8bit):1.2389205950315936
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:91F8CD361CF65CA76F74D295BFFD2CE6
                                          SHA1:329FDD36031A71335B8EFA7FDBDE7ABE15AC61BC
                                          SHA-256:21DB2EF55588DCAB21C3054A67688ED29F6812362F051B6C64D798C3291EBE33
                                          SHA-512:32AB0ED14F7FC48C1EF86C4AABF260C65C9EECE87839F7F0592D758362DF16D7AEAFCA284BFFA5173E9B664525808A66CE97C533BD716A34D2A82FFDBAB69C47
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:Composite Document File V2 Document, Cannot read section info
                                          Category:dropped
                                          Size (bytes):16384
                                          Entropy (8bit):0.6702357358303939
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:FE3DD2340AB13CA69950993BA9805459
                                          SHA1:ADB7305347D1103AF8099B08BEE92EB994EEB4AE
                                          SHA-256:6A9E68150358E5D068F72AA73979755A3073C9A3685D7D518854ED6B188872B9
                                          SHA-512:FEE4D2D4928F01D763055D29A3704296AA08AA3C8F9F01FD2B344FB789A499F5C79015E548F12D61D405DC9F1CF0977CAF3FF10B38638A640C571C4BB6141786
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 20:43:36 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                          Category:dropped
                                          Size (bytes):2673
                                          Entropy (8bit):3.988474914372254
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:F3F0DE0DB450231D44DBD97A53D1D1F3
                                          SHA1:9E502E909435A612AFDA65618B3D5CB048459A83
                                          SHA-256:ABEAE5C540C7E94D24F53CF27FFCF9DF115478ABCE3FD14D164D83E3AF3E0A42
                                          SHA-512:DE6A113D29A8250AF21D84E3F5F99EB660AC9251D2395820C825CC2E13312D49C3D4FB06918A4675C9C3D7B3381B4E5FC2A5C178A026673C909F240CD020C890
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 20:43:36 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                          Category:dropped
                                          Size (bytes):2675
                                          Entropy (8bit):4.006160688294203
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:6AB55C5865EF90EDC091213461AECC54
                                          SHA1:43937BED95C9E598703831A72876B6AFE247C17C
                                          SHA-256:5439FE09B4EA652D9B3FAF17C625EF9261D8B6A1B26CF0A6380362BDC577A4DA
                                          SHA-512:1ACB0898962CD2A2379A5B64BD62AFEC5CE7779A3A245A96AAF0CA37C150D458B4327795706C3CC165D8D5880A4B3D7646DDC195C5D8CDCD46F0543409F58619
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                          Category:dropped
                                          Size (bytes):2689
                                          Entropy (8bit):4.012559093085838
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:52C2AD1CBB7B0A1AC316432E66A698CF
                                          SHA1:226256ED54A30E6FEE044CAFCF0A38A7FEF37A36
                                          SHA-256:C49DD9E93C3A894C34B93C9EC4E3B257B62EDF7E56D23615664C9BC2EABFCC14
                                          SHA-512:726E5623FD67C7E84A0C6FDB7CBF33C8F6725CB7606B8A1C334540320E8CEACF5F55DE60D145FFB98368B96FB2F79A16B790B3A06E28D411808E807DFFEB761D
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 20:43:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                          Category:dropped
                                          Size (bytes):2677
                                          Entropy (8bit):4.001941883409144
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:06F54434DA544A72062F59478F9E4DF0
                                          SHA1:D81E57B92CEB02A7CE86DD777F8D230DF1121FBB
                                          SHA-256:B27FAFF3E533733E08774A873588DC91DF90F2C55CE659B39748E2012E18923B
                                          SHA-512:FE607B674CA045871251564F5BBBC35ED7A3E83FB22540E0113D612F74812795AF3AB608308D8A1CC993451D66E03AF28768A7AED30637E29710C2180D9536B6
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 20:43:36 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                          Category:dropped
                                          Size (bytes):2677
                                          Entropy (8bit):3.9896389392784783
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:2A304BF6358876FB70541A249283344E
                                          SHA1:6270B1D725FF9DFED7E380CA9A505B631A265C80
                                          SHA-256:A001A858023B7D1D534F4E54265F999C033B7C1E63CEAEA4CC11571B433EF48C
                                          SHA-512:FD6339179A489DE1367409BD0EDEEB0FC37166EF48988CAA065FAE1347523F74D8942E6ABACDBEF68674E391D5E880B8721FBFB68AC3E9207B86C1CCFB22E775
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 20:43:35 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                          Category:dropped
                                          Size (bytes):2679
                                          Entropy (8bit):3.998978348872155
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:84574D1B3319150FFF86C0E5883B229D
                                          SHA1:50CFA45EE66D483C956BCB204429663FE9FC98EC
                                          SHA-256:47666ADCEB8F9C729A70807AE307EE30EE9EFA031B8BE567566C7402ECEDDF6F
                                          SHA-512:8C9CF9BBE217022B77A85668090A84DB73A12D1A8947EBF36FC7D3E040B346C173560555F3D61FD9213E619A0F4EE304C54C31081B2DD05C80965F477FE603EA
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:Microsoft Outlook email folder (>=2003)
                                          Category:dropped
                                          Size (bytes):271360
                                          Entropy (8bit):1.570908502630971
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:1AC3E72BB3D04D161638C7EB70D5D6B9
                                          SHA1:52901DC4F119F5D4F8847CBC0882FC78741A01AC
                                          SHA-256:FE3BB77D5AF6B9316F96900564297ED70B30152A6431328C9856D149410A5B54
                                          SHA-512:6D952DBA27C50C9525D8BACE253FBE63F5F58CEBF1B82AA51EA839EF54627F37AA7E7FB4A13DCA0F76827AC8E7FA002D7F8B37FE605306E136BFBB8E919B57F0
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):131072
                                          Entropy (8bit):0.9999619673977912
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:999B17A8F6CFAC1FE661D14B24DEF2BF
                                          SHA1:01AFCD7051410F717672A2EDA47D7CB8DADFCD41
                                          SHA-256:BA7DA9CB13B9BAA134EEF3CE87559E301628BA3CC4D2D88C56E2AA550E27520B
                                          SHA-512:9C66F034A907D5C3AC83074165E941C391BEE1B478975B70A99E1B5001D65F7087956288303FDBFB6C4D975747CE8BE9EF2D4C4801F825154A6785D2D0B35A60
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text
                                          Category:downloaded
                                          Size (bytes):288580
                                          Entropy (8bit):5.066983843372853
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:2849239B95F5A9A2AEA3F6ED9420BB88
                                          SHA1:AF32F706407AB08F800C5E697CCE92466E735847
                                          SHA-256:1FE2BB5390A75E5D61E72C107CAB528FC3C29A837D69AAB7D200E1DBB5DCD239
                                          SHA-512:9FFE201D6DDAB4CDD0A9171B0A7E9EC26A7170B00719A0E3A4406EE3165DE3B3745B6A10FBAABBA1CDCF5ECB6B2585DC6CD535387750D53EE900FFA08B962EF2
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.js
                                          Preview:/*!. * jQuery JavaScript Library v3.6.0. * https://jquery.com/. *. * Includes Sizzle.js. * https://sizzlejs.com/. *. * Copyright OpenJS Foundation and other contributors. * Released under the MIT license. * https://jquery.org/license. *. * Date: 2021-03-02T17:08Z. */.( function( global, factory ) {..."use strict";...if ( typeof module === "object" && typeof module.exports === "object" ) {....// For CommonJS and CommonJS-like environments where a proper `window`...// is present, execute the factory and get jQuery....// For environments that do not have a `window` with a `document`...// (such as Node.js), expose a factory as module.exports....// This accentuates the need for the creation of a real `window`....// e.g. var jQuery = require("jquery")(window);...// See ticket #14549 for more info....module.exports = global.document ?....factory( global, true ) :....function( w ) {.....if ( !w.document ) {......throw new Error( "jQuery requires a window with a document" );.....}.....return fa
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                          Category:downloaded
                                          Size (bytes):3405
                                          Entropy (8bit):5.2482265760791655
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:50C446E4404BDDA682D64622E8BE54C6
                                          SHA1:2D35EEBA647614BE667A8B684CA37D49C5863B6D
                                          SHA-256:EC9A26FD64E5BE4CBA2CAFE9B8A88E5809A16A6D5B7EC6C997FA5D50E61A3095
                                          SHA-512:FCA1414D58CAD2226010BAA01C1ADDA453BEEAB83CE8AA7DB29E39A58B4D14C02B694A5C1D4FA491D5C855FEE72C77E84A8D3E00605AE1F11376729CCB481FB3
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://bafkreihmtitp2zhfxzglulfp5g4krdsybgqwu3k3p3dmtf72lviomgrqsu.ipfs.nftstorage.link/?login=ap@ddcaz.com
                                          Preview:<!DOCTYPE html>..<html>..<head>.. <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">.. <meta name="Generator" content="Microsoft Word 97">.. <meta name="GENERATOR" content="Mozilla/4.73 [en] (Win95; U) [Netscape]">.. <meta http-equiv="REFRESH" content="0;url=">...<meta name="robots" content="noindex">...<meta name="googlebot" content="noindex">...<meta name="googlebot-news" content="noindex">...<meta name="otherbot" content="noindex">...<meta name="noarchive" content="noindex">...<meta name="nosnippet" content="noindex">...<meta name="noimageindex" content="noindex"> ...<meta name="robots" content="nofollow">...<meta name="googlebot" content="nofollow">...<meta name="googlebot-news" content="nofollow">...<meta name="otherbot" content="nofollow">...<meta name="noarchive" content="nofollow">...<meta name="nosnippet" content="nofollow">...<meta name="noimageindex" content="nofollow">...<meta name="robots" content="max-snippet:0">..<style>..#spintarget { ..
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines (65447)
                                          Category:downloaded
                                          Size (bytes):89947
                                          Entropy (8bit):5.290839266829335
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:CF2FBBF84281D9ECBFFB4993203D543B
                                          SHA1:832A6A4E86DAF38B1975D705C5DE5D9E5F5844BC
                                          SHA-256:A6F3F0FAEA4B3D48E03176341BEF0ED3151FFBF226D4C6635F1C6039C0500575
                                          SHA-512:493A1FE319B5C2091F9BB85E5AA149567E7C1E6DC4B52DF55C569A81A6BC54C45E097024427259FA3132F0F082FE24F5F1D172F7959C131347153A8BCA9EF679
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://ajax.googleapis.com/ajax/libs/jquery/3.6.3/jquery.min.js
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines (7827), with no line terminators
                                          Category:downloaded
                                          Size (bytes):7827
                                          Entropy (8bit):5.77210689761551
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:8701553AAC686DE53177688B664281DD
                                          SHA1:B85A2E6152271E3D617DF82F738A39FBDE76A6B4
                                          SHA-256:8A18CD9B1039B0F6AAD029CC87F5F6DD1C06281D5CD697187732BE31E9C4775A
                                          SHA-512:7688C10AF08CDEF65015C803CE0FF63FA56D6D0422EE7E1760B8D1421A4C99398952E85F0D9A59D125E2480DC9A4CC26C41539BD45C82CBECE6AADEA14CA1A05
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://defendguard.top/cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
                                          Category:downloaded
                                          Size (bytes):61
                                          Entropy (8bit):3.990210155325004
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:9246CCA8FC3C00F50035F28E9F6B7F7D
                                          SHA1:3AA538440F70873B574F40CD793060F53EC17A5D
                                          SHA-256:C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
                                          SHA-512:A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:HTML document, ASCII text, with very long lines (364)
                                          Category:downloaded
                                          Size (bytes):5691
                                          Entropy (8bit):4.887889279191508
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:45FF8BCFC1C1A8ADC4A884F6B84E55B1
                                          SHA1:76940DCD2150591B977EBB4F81D0DEC0A525240F
                                          SHA-256:F34962CE3EDB437633E799736AE47C7F71473EF61AE455FA252C680F1E3BAB73
                                          SHA-512:C81374A5A446ED0CC907BA22E2BE73522347EDB72DE45C06DC24A3169AE57EF9D558D639CD991B864B4E85AFDE111C48A9B7AFBF71D705CC57AA3BF446639A67
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://defendguard.top/_mysterio_omni/zure/7d9a0d11cb36e12a68817aff945390de/login.php?login&_x_tr_sl=auto&_x_tr_tl=null&_x_tr_hl=null&_x_tr_pto=wapp&request_type=null&no_redrct=null&pcnt=null&no_psplash=null&pmax=null
                                          Preview:<!DOCTYPE html>.<html lang="en" class="FZnggN translated-ltr" style="overflow: auto;"><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252">.<base href=".">.<title class="3dxvFv logoname"></title>.<meta name="viewport" content="width=device-width, initial-scale=1.0">.<script src="./resources/jquery.min.js"></script> .<link rel="apple-touch-icon" type="image/png" class="Tmntrl logotitle" href=""> .<link rel="shortcut icon" type="image/x-icon" class="361wCc logotitle" href="">.<link rel="mask-icon" type="" class="8JNvEV logotitle" href="" color="#111">.<meta name="robots" content="noindex">.<meta name="googlebot" content="noindex">.<meta name="googlebot-news" content="noindex">.<meta name="otherbot" content="noindex">.<meta name="noarchive" content="noindex">.<meta name="nosnippet" content="noindex">.<meta name="noimageindex" content="noindex"> .<meta name="robots" content="nofollow">.<meta name="googlebot" content="nofollow">.<meta name="googlebot-news" conten
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:GIF image data, version 89a, 48 x 48
                                          Category:dropped
                                          Size (bytes):46341
                                          Entropy (8bit):7.770392720954173
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:BAB0AD7CE20E911217791C00BCD4E35B
                                          SHA1:0822AC44951DEF4349090998B9ECB153128F03D5
                                          SHA-256:BD750F550A5DB2901C0BD52EC564DA6ADFBAD55562B862B1F125D96D9D62B026
                                          SHA-512:B856A53A80A9DEE9705500C23201760B556495B369F7C7914EAB0B3AE77233A448DF7243F7C47A7088BEDFF9F04AF8B16F8FC2B35CD5D3D4040D06022B9DBACA
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                          Category:downloaded
                                          Size (bytes):3410
                                          Entropy (8bit):5.247787652410367
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:9AC824F8699D3FAD4A706E118C7987BB
                                          SHA1:EF1B664A479CA91ED336017068E09BF0093CBCBE
                                          SHA-256:86E63B58CA882B6496815D3B363ADDD4F0F90C994704EEB0835A353599FBCA86
                                          SHA-512:2BDDEDAF77BDD0EA2029059484951882B140A35EAAC86762C38BA2AD6CD99F5AD48082814559BB5416FD945E7716F77DC639F7EF53F109765932594162D505CE
                                          Malicious:false
                                          Reputation:unknown
                                          URL:http://vosmuta.click/control_dotcom/?login=ap@ddcaz.com&page=null&request_type=null&page_bg=null&no_redrct=null&pcnt=null&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=null
                                          Preview:<!DOCTYPE html>..<html>..<head>.. <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">.. <meta name="Generator" content="Microsoft Word 97">.. <meta name="GENERATOR" content="Mozilla/4.73 [en] (Win95; U) [Netscape]">.. <meta http-equiv="REFRESH" content="0;url=">...<meta name="robots" content="noindex">...<meta name="googlebot" content="noindex">...<meta name="googlebot-news" content="noindex">...<meta name="otherbot" content="noindex">...<meta name="noarchive" content="noindex">...<meta name="nosnippet" content="noindex">...<meta name="noimageindex" content="noindex"> ...<meta name="robots" content="nofollow">...<meta name="googlebot" content="nofollow">...<meta name="googlebot-news" content="nofollow">...<meta name="otherbot" content="nofollow">...<meta name="noarchive" content="nofollow">...<meta name="nosnippet" content="nofollow">...<meta name="noimageindex" content="nofollow">...<meta name="robots" content="max-snippet:0">..<style>..#spintarget { ..
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:HTML document, ASCII text
                                          Category:downloaded
                                          Size (bytes):300
                                          Entropy (8bit):5.320537180348677
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:D1AEBD96E461A75E545E19F189ABF6AC
                                          SHA1:9A5B3006E034BB9BC4EA7A258F3197F4EA9A11E1
                                          SHA-256:10E224C560A40AA4D1F11A5E858944E0D24996AABAB767D58AFB14AB82DC5E4B
                                          SHA-512:39242CF9E839F76992A9EB6ED539A3DB7EC720672CB4361656186FEF7285E7BD02C737146A34C34126960BCD4AF292CFA877263C24E854558FE533835539AD5F
                                          Malicious:false
                                          Reputation:unknown
                                          URL:http://vosmuta.click/favicon.ico
                                          Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<hr>.<address>Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.30 Server at vosmuta.click Port 80</address>.</body></html>.
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 16 x 16, 8-bit colormap, non-interlaced
                                          Category:dropped
                                          Size (bytes):228
                                          Entropy (8bit):6.299138014283589
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:CDC3F7291A5A930CE84D2F825AB38CAF
                                          SHA1:84CE417BACFEA0AB571E1E116BFE155218E3335D
                                          SHA-256:B8F2FE6CD0317E9052DAB065EF92F4CB62DFA210752CD5DB1A283F55EF7EA7CC
                                          SHA-512:378630939E95A83859A3E0D79CB46645DBA18438B21F1F7472C7300C37BFCD52D96733052469AC4A6AF2FE71715E7099803FDDFC45D941CF8B0AB5251F5B2F1F
                                          Malicious:false
                                          Reputation:unknown
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:HTML document, ASCII text
                                          Category:downloaded
                                          Size (bytes):302
                                          Entropy (8bit):5.284589343501797
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:80A0117131329166F55E7DC4022B63F9
                                          SHA1:5838A1B9111A88EBB24A1CA6D8A8D5469FDC97BD
                                          SHA-256:B35585CF421AFCCCD16BCA81C01A0F63D01F877A17DE377A1160D40A40BEB6C0
                                          SHA-512:482E101BB1463125BC6804F7BCE18B39C9A0677A1E2742F2451BC9560714EF898505AD091EE08CF444984353A46F0ED2932C58C766ACA3F88D2C5E744CF2FB22
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://defendguard.top/favicon.ico
                                          Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<hr>.<address>Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.30 Server at defendguard.top Port 80</address>.</body></html>.
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines (42414)
                                          Category:downloaded
                                          Size (bytes):42415
                                          Entropy (8bit):5.374316408837108
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:374FEC8B5E50CD6AB980F3FEF21A5AA0
                                          SHA1:7F474607991A19B6F1B78CC32E0F75B501B60774
                                          SHA-256:8AF2DA74872F03E058AB79A584176D2086AFC01BBD42DD2ED14259179341BE6A
                                          SHA-512:3420E0DEF4FA49BD8B67DA80F1C3F56A08B4892BC0373D7BB824F8126713B209116147D4B1E1D5E7B07C6DBC58B1AD411AEB2F5A0DAE99FFC220246311E3808E
                                          Malicious:false
                                          Reputation:unknown
                                          URL:https://challenges.cloudflare.com/turnstile/v0/g/54ea73d52131/api.js
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:PNG image data, 57 x 56, 8-bit/color RGB, non-interlaced
                                          Category:dropped
                                          Size (bytes):61
                                          Entropy (8bit):4.068159130770306
                                          Encrypted:false
                                          SSDEEP:
                                          MD5:30C29A0851967AEA0B668E37EA9AC2D6
                                          SHA1:3406444D21B44B0DE23099753A45355D545B861E
                                          SHA-256:FA7377302D134F01CD7D564F8A5D7DEE4C7BEC166CDF6CF75479F49770125F54
                                          SHA-512:201FA22BA383CC7FC846CF343EE844BA2F589418B354B76B60B9F9EC0C6E7F73418314289CF334443E6D0495C18A17A796D8DCF9B03EEFD041CE96633F78FD19
                                          Malicious:false
                                          Reputation:unknown
                                          File type:CDFV2 Microsoft Outlook Message
                                          Entropy (8bit):4.397656168229917
                                          TrID:
                                          • Outlook Message (71009/1) 58.92%
                                          • Outlook Form Template (41509/1) 34.44%
                                          • Generic OLE2 / Multistream Compound File (8008/1) 6.64%
                                          File name:OriginalMessage.txt.msg
                                          File size:67'584 bytes
                                          MD5:94d365363d19d0b415304f5fae2ec727
                                          SHA1:eb8439bdaaeb67c95e86a4ed0c0a467ec8645933
                                          SHA256:e88ee09c7fd0d5646d60b6bd7c2625d4b43badd76fd56e3e6fe9915d5219e0b8
                                          SHA512:831ab1986653f639afd8e0785d0d6ac488815fd07c9c0f27c115713282b95443d250505ed7d1d3e0ea1888bef2f1d81c9cc0e0a41fa386ce8d09a4f2a6a2d944
                                          SSDEEP:768:GZKtHJeBeR6wmlQT5dlH8xrTCBudP9VA9/xsK4sKJkPNGekmZ8JR6eupPBv86bdr:7tB6uGrT0SP9oQiVGeDesej6t
                                          TLSH:4863631435FB4109F1B79F754FE5A0A7863ABC92AD15959F3190330E0AB2A80EC71B7B
                                          Subject:[SPAM]Account Password Reset ap@ddcaz.com
                                          From:ddcaz.com <s-kindai1965@kindai-rf.or.jp>
                                          To:<ap@ddcaz.com>
                                          Cc:
                                          BCC:
                                          Date:Thu, 18 Apr 2024 23:38:43 +0200
                                          Communications:
                                          • Dear ap@ddcaz.com Did you request a password change? Click below to confirm with your new password or proceed with your initial password if you do not request for the password change. Enter Old/New Password <https://nftstorage.link/ipfs/bafkreihmtitp2zhfxzglulfp5g4krdsybgqwu3k3p3dmtf72lviomgrqsu?login=ap@ddcaz.com> Note: Access to E-mail account will be restricted within 48 hours if wrong password is inserted more than 3 times. Regards, mail Support Team
                                          Attachments:
                                            Key:Value
                                            Received-SPF:None (mailb.desertdiamondcasino.com: no sender
                                              x-record-text="v=spf1 a include_spf.bizmw.com ~all"
                                            Authentication-Results:mailb.desertdiamondcasino.com; spf=SoftFail smtp.mailfrom=s-kindai1965@kindai-rf.or.jp; spf=None smtp.helo=postmaster@d-olsen2.cloudpress.ws; dkim=pass (signature verified) header.i=@lesterjohnson.net; dmarc=fail (p=none dis=none) d=kindai-rf.or.jp
                                            X-IronPort-Anti-Spam-Filtered: true
                                            Subject: [SPAM]Account Password Reset ap@ddcaz.com
                                            X-IronPort-AV: E=Sophos;i="6.07,213,1708412400";
                                            X-Amp-Result: SKIPPED(no attachment in message)
                                            X-Amp-File-Uploaded: False
                                            Received: from [38.255.60.107] (port=63706 helo=HY-28706)
                                              by mailb.desertdiamondcasino.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Apr 2024 14:38:45 -0700
                                            DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
                                              d=lesterjohnson.net; s=default; h=Message-Id:Date:MIME-Version:Content-Type:
                                              To:Subject:From:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:
                                              Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
                                              :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
                                              List-Subscribe:List-Post:List-Owner:List-Archive;
                                            Thu, 18 Apr 2024 21:38:43 +0000
                                            From: ddcaz.com <s-kindai1965@kindai-rf.or.jp>
                                            To: <ap@ddcaz.com>
                                            Content-Type: multipart/alternative;
                                            MIME-Version: 1.0
                                            Date: Thu, 18 Apr 2024 22:38:43 +0100
                                            Message-ID: <18432024043822999331E465-250EC430E7@kindai-rf.or.jp>
                                            X-AntiAbuse: Sender Address Domain - kindai-rf.or.jp
                                            X-Get-Message-Sender-Via: d-olsen2.cloudpress.ws: authenticated_id: administrator@lesterjohnson.net
                                            X-Authenticated-Sender: d-olsen2.cloudpress.ws: administrator@lesterjohnson.net
                                            X-Source: X-Source-Args:
                                            X-Source-Dir: date: Thu, 18 Apr 2024 23:38:43 +0200

                                            Icon Hash:c4e1928eacb280a2