Windows Analysis Report
EXTERNAL Bonnie St Dryden is inviting you to collaborate on One_docx(Apr 23) DOC3848493.msg

Overview

General Information

Sample name: EXTERNAL Bonnie St Dryden is inviting you to collaborate on One_docx(Apr 23) DOC3848493.msg
Analysis ID: 1430586
MD5: 1e81508d7f63b72b6ac2e12b2abd691a
SHA1: 8344246f332e5efdc4f1ecb82bde0939131939c5
SHA256: 5afe7e917f3036d18c1d55aaf47d8716fb0fa7fdfbcc907da1ffe387ce07a5e4

Detection

HTMLPhisher
Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected HtmlPhish10
HTML body contains low number of good links
HTML title does not match URL
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores files to the Windows start menu directory
Stores large binary data to the registry
Submit button contains javascript call

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 1092 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\EXTERNAL Bonnie St Dryden is inviting you to collaborate on One_docx(Apr 23) DOC3848493.msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 4112 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "01748ADD-B2F4-40AA-9AE9-B4243BB7D994" "37B7238A-2833-4D98-A9E4-733A40E4795C" "1092" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 6340 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://hilton-my.sharepoint.com/:b:/p/bonnie_stdryden2/ERZUVuYqPQRJnM5u31YLiVQBBoMrOx0skIjU6rsi29sBnA?e=4%3al617Ov&at=9 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
      • chrome.exe (PID: 6528 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=2000,i,960705186740720573,12329479550179494543,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup
Source | Rule | Description | Author | Strings
dropped/chromecache_136 | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
dropped/chromecache_118 | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |

Source | Rule | Description | Author | Strings
1.2.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
0.0.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
1.1.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
0.0.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
1.1.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
                Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 1092, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
                No Snort rule has matched

                Phishing

                Source: Yara match | File source: 1.2.pages.csv, type: HTML
                Source: Yara match | File source: 0.0.pages.csv, type: HTML
                Source: Yara match | File source: 1.1.pages.csv, type: HTML
                Source: Yara match | File source: 0.0.pages.csv, type: HTML
                Source: Yara match | File source: 1.1.pages.csv, type: HTML
                Source: Yara match | File source: 1.2.pages.csv, type: HTML
                Source: Yara match | File source: dropped/chromecache_136, type: DROPPED
                Source: Yara match | File source: dropped/chromecache_118, type: DROPPED
                Source: https://hilton-my.sharepoint.com/:b:/p/bonnie_stdryden2/ERZUVuYqPQRJnM5u31YLiVQBBoMrOx0skIjU6rsi29sBnA?e=4%3al617Ov&at=9HTTP Parser: Number of links: 0
                Source: https://hilton-my.sharepoint.com/personal/bonnie_stdryden2_hilton_com/_layouts/15/guestaccess.aspx?e=4%3al617Ov&at=9&share=ERZUVuYqPQRJnM5u31YLiVQBBoMrOx0skIjU6rsi29sBnAHTTP Parser: Number of links: 0
                Source: https://login.microsoftonline.com/660292d2-cfd5-4a3d-b7a7-e8f7ee458a0a/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=AEFB5D6D5B4C6AC579BC6AF9C9B95BD6AD2614D0A1F37CEA%2D2699DC82E58B5210EB7D411D0B8E270BD01E3C74C4B55CECDC8C8C42B92E9A74&redirect%5Furi=https%3A%2F%2Fhilton%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=5bee21a1%2D5016%2D5000%2D31cf%2D93a753343540HTTP Parser: Number of links: 0
                Source: https://login.microsoftonline.com/660292d2-cfd5-4a3d-b7a7-e8f7ee458a0a/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=AEFB5D6D5B4C6AC579BC6AF9C9B95BD6AD2614D0A1F37CEA%2D2699DC82E58B5210EB7D411D0B8E270BD01E3C74C4B55CECDC8C8C42B92E9A74&redirect%5Furi=https%3A%2F%2Fhilton%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=5bee21a1%2D5016%2D5000%2D31cf%2D93a753343540&sso_reload=trueHTTP Parser: Number of links: 0
                Source: https://hilton-my.sharepoint.com/:b:/p/bonnie_stdryden2/ERZUVuYqPQRJnM5u31YLiVQBBoMrOx0skIjU6rsi29sBnA?e=4%3al617Ov&at=9HTTP Parser: Title: Sharing Link Validation does not match URL
                Source: https://hilton-my.sharepoint.com/personal/bonnie_stdryden2_hilton_com/_layouts/15/guestaccess.aspx?e=4%3al617Ov&at=9&share=ERZUVuYqPQRJnM5u31YLiVQBBoMrOx0skIjU6rsi29sBnAHTTP Parser: Title: Sharing Link Validation does not match URL
                Source: https://login.microsoftonline.com/660292d2-cfd5-4a3d-b7a7-e8f7ee458a0a/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=AEFB5D6D5B4C6AC579BC6AF9C9B95BD6AD2614D0A1F37CEA%2D2699DC82E58B5210EB7D411D0B8E270BD01E3C74C4B55CECDC8C8C42B92E9A74&redirect%5Furi=https%3A%2F%2Fhilton%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=5bee21a1%2D5016%2D5000%2D31cf%2D93a753343540HTTP Parser: Title: Redirecting does not match URL
                Source: https://login.microsoftonline.com/660292d2-cfd5-4a3d-b7a7-e8f7ee458a0a/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=AEFB5D6D5B4C6AC579BC6AF9C9B95BD6AD2614D0A1F37CEA%2D2699DC82E58B5210EB7D411D0B8E270BD01E3C74C4B55CECDC8C8C42B92E9A74&redirect%5Furi=https%3A%2F%2Fhilton%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=5bee21a1%2D5016%2D5000%2D31cf%2D93a753343540&sso_reload=trueHTTP Parser: Title: Sign in to your account does not match URL
                Source: https://hilton-my.sharepoint.com/:b:/p/bonnie_stdryden2/ERZUVuYqPQRJnM5u31YLiVQBBoMrOx0skIjU6rsi29sBnA?e=4%3al617Ov&at=9HTTP Parser: On click: javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("btnSubmitEmail", "", true, "", "", false, true))
                Source: https://hilton-my.sharepoint.com/personal/bonnie_stdryden2_hilton_com/_layouts/15/guestaccess.aspx?e=4%3al617Ov&at=9&share=ERZUVuYqPQRJnM5u31YLiVQBBoMrOx0skIjU6rsi29sBnAHTTP Parser: On click: javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("btnSubmitEmail", "", true, "", "", false, true))
                Source: https://hilton-my.sharepoint.com/personal/bonnie_stdryden2_hilton_com/_layouts/15/guestaccess.aspx?e=4%3al617Ov&at=9&share=ERZUVuYqPQRJnM5u31YLiVQBBoMrOx0skIjU6rsi29sBnAHTTP Parser: On click: javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("btnSubmitEmail", "", true, "", "", false, true))
                Source: https://login.microsoftonline.com/660292d2-cfd5-4a3d-b7a7-e8f7ee458a0a/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=AEFB5D6D5B4C6AC579BC6AF9C9B95BD6AD2614D0A1F37CEA%2D2699DC82E58B5210EB7D411D0B8E270BD01E3C74C4B55CECDC8C8C42B92E9A74&redirect%5Furi=https%3A%2F%2Fhilton%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=5bee21a1%2D5016%2D5000%2D31cf%2D93a753343540&sso_reload=trueHTTP Parser: <input type="password" .../> found
                Source: https://login.microsoftonline.com/660292d2-cfd5-4a3d-b7a7-e8f7ee458a0a/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=AEFB5D6D5B4C6AC579BC6AF9C9B95BD6AD2614D0A1F37CEA%2D2699DC82E58B5210EB7D411D0B8E270BD01E3C74C4B55CECDC8C8C42B92E9A74&redirect%5Furi=https%3A%2F%2Fhilton%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=5bee21a1%2D5016%2D5000%2D31cf%2D93a753343540HTTP Parser: No favicon
                Source: https://hilton-my.sharepoint.com/:b:/p/bonnie_stdryden2/ERZUVuYqPQRJnM5u31YLiVQBBoMrOx0skIjU6rsi29sBnA?e=4%3al617Ov&at=9HTTP Parser: No <meta name="author".. found
                Source: https://hilton-my.sharepoint.com/personal/bonnie_stdryden2_hilton_com/_layouts/15/guestaccess.aspx?e=4%3al617Ov&at=9&share=ERZUVuYqPQRJnM5u31YLiVQBBoMrOx0skIjU6rsi29sBnAHTTP Parser: No <meta name="author".. found
                Source: https://hilton-my.sharepoint.com/personal/bonnie_stdryden2_hilton_com/_layouts/15/guestaccess.aspx?e=4%3al617Ov&at=9&share=ERZUVuYqPQRJnM5u31YLiVQBBoMrOx0skIjU6rsi29sBnAHTTP Parser: No <meta name="author".. found
                Source: https://login.microsoftonline.com/660292d2-cfd5-4a3d-b7a7-e8f7ee458a0a/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=AEFB5D6D5B4C6AC579BC6AF9C9B95BD6AD2614D0A1F37CEA%2D2699DC82E58B5210EB7D411D0B8E270BD01E3C74C4B55CECDC8C8C42B92E9A74&redirect%5Furi=https%3A%2F%2Fhilton%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=5bee21a1%2D5016%2D5000%2D31cf%2D93a753343540HTTP Parser: No <meta name="author".. found
                Source: https://login.microsoftonline.com/660292d2-cfd5-4a3d-b7a7-e8f7ee458a0a/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=AEFB5D6D5B4C6AC579BC6AF9C9B95BD6AD2614D0A1F37CEA%2D2699DC82E58B5210EB7D411D0B8E270BD01E3C74C4B55CECDC8C8C42B92E9A74&redirect%5Furi=https%3A%2F%2Fhilton%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=5bee21a1%2D5016%2D5000%2D31cf%2D93a753343540&sso_reload=trueHTTP Parser: No <meta name="author".. found
                Source: https://login.microsoftonline.com/660292d2-cfd5-4a3d-b7a7-e8f7ee458a0a/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=AEFB5D6D5B4C6AC579BC6AF9C9B95BD6AD2614D0A1F37CEA%2D2699DC82E58B5210EB7D411D0B8E270BD01E3C74C4B55CECDC8C8C42B92E9A74&redirect%5Furi=https%3A%2F%2Fhilton%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=5bee21a1%2D5016%2D5000%2D31cf%2D93a753343540&sso_reload=trueHTTP Parser: No <meta name="author".. found
                Source: https://hilton-my.sharepoint.com/:b:/p/bonnie_stdryden2/ERZUVuYqPQRJnM5u31YLiVQBBoMrOx0skIjU6rsi29sBnA?e=4%3al617Ov&at=9HTTP Parser: No <meta name="copyright".. found
                Source: https://hilton-my.sharepoint.com/personal/bonnie_stdryden2_hilton_com/_layouts/15/guestaccess.aspx?e=4%3al617Ov&at=9&share=ERZUVuYqPQRJnM5u31YLiVQBBoMrOx0skIjU6rsi29sBnAHTTP Parser: No <meta name="copyright".. found
                Source: https://hilton-my.sharepoint.com/personal/bonnie_stdryden2_hilton_com/_layouts/15/guestaccess.aspx?e=4%3al617Ov&at=9&share=ERZUVuYqPQRJnM5u31YLiVQBBoMrOx0skIjU6rsi29sBnAHTTP Parser: No <meta name="copyright".. found
                Source: https://login.microsoftonline.com/660292d2-cfd5-4a3d-b7a7-e8f7ee458a0a/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=AEFB5D6D5B4C6AC579BC6AF9C9B95BD6AD2614D0A1F37CEA%2D2699DC82E58B5210EB7D411D0B8E270BD01E3C74C4B55CECDC8C8C42B92E9A74&redirect%5Furi=https%3A%2F%2Fhilton%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=5bee21a1%2D5016%2D5000%2D31cf%2D93a753343540HTTP Parser: No <meta name="copyright".. found
                Source: https://login.microsoftonline.com/660292d2-cfd5-4a3d-b7a7-e8f7ee458a0a/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=AEFB5D6D5B4C6AC579BC6AF9C9B95BD6AD2614D0A1F37CEA%2D2699DC82E58B5210EB7D411D0B8E270BD01E3C74C4B55CECDC8C8C42B92E9A74&redirect%5Furi=https%3A%2F%2Fhilton%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=5bee21a1%2D5016%2D5000%2D31cf%2D93a753343540&sso_reload=trueHTTP Parser: No <meta name="copyright".. found
                Source: https://login.microsoftonline.com/660292d2-cfd5-4a3d-b7a7-e8f7ee458a0a/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=AEFB5D6D5B4C6AC579BC6AF9C9B95BD6AD2614D0A1F37CEA%2D2699DC82E58B5210EB7D411D0B8E270BD01E3C74C4B55CECDC8C8C42B92E9A74&redirect%5Furi=https%3A%2F%2Fhilton%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=5bee21a1%2D5016%2D5000%2D31cf%2D93a753343540&sso_reload=trueHTTP Parser: No <meta name="copyright".. found
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
                Source: unknown | HTTPS traffic detected: 40.126.29.7:443 -> 192.168.2.17:49707 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 40.126.29.7:443 -> 192.168.2.17:49714 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.17:49723 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.17:49725 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.17:49736 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49741 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.17:49742 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.17:49743 version: TLS 1.2
                Source: unknown | DNS traffic detected: queries for: hilton-my.sharepoint.com
                Source: classification engineClassification label: mal48.phis.winMSG@18/37@28/182
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Program Files\Google\Chrome\Application\Dictionaries
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240423T2248530728-1092.etl
                Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\EXTERNAL Bonnie St Dryden is inviting you to collaborate on One_docx(Apr 23) DOC3848493.msg"
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "01748ADD-B2F4-40AA-9AE9-B4243BB7D994" "37B7238A-2833-4D98-A9E4-733A40E4795C" "1092" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://hilton-my.sharepoint.com/:b:/p/bonnie_stdryden2/ERZUVuYqPQRJnM5u31YLiVQBBoMrOx0skIjU6rsi29sBnA?e=4%3al617Ov&at=9
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=2000,i,960705186740720573,12329479550179494543,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dll
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\InProcServer32
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\Dictionaries
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
                Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformation
                Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformation
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
                Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
                | Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Scripting | 1 Process Injection | 3 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
                | Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
                | Email Addresses | DNS Server | Domain Accounts | At | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 1 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
                | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |

                No Antivirus matches
                | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
                |---|---|---|---|---|---|
                | dual-spo-0005.spo-msedge.net | 13.107.136.10 | true | false | | unknown |
                | part-0013.t-0009.t-msedge.net | 13.107.213.41 | true | false | | unknown |
                | cs1100.wpc.omegacdn.net | 152.199.4.44 | true | false | | unknown |
                | www.google.com | 74.125.136.103 | true | false | | high |
                | autologon.microsoftazuread-sso.com | 40.126.32.136 | true | false | | unknown |
                | identity.nel.measure.office.net | unknown | unknown | false | | high |
                | hilton-my.sharepoint.com | unknown | unknown | false | | unknown |
                | aadcdn.msftauth.net | unknown | unknown | false | | unknown |
                | login.microsoftonline.com | unknown | unknown | false | | high |
                | m365cdn.nel.measure.office.net | unknown | unknown | false | | high |
                | aadcdn.msftauthimages.net | unknown | unknown | false | | unknown |
                | Name | Malicious | Antivirus Detection | Reputation |
                |---|---|---|---|
                | https://hilton-my.sharepoint.com/personal/bonnie_stdryden2_hilton_com/_layouts/15/guestaccess.aspx?e=4%3al617Ov&at=9&share=ERZUVuYqPQRJnM5u31YLiVQBBoMrOx0skIjU6rsi29sBnA | false | | unknown |
                | https://hilton-my.sharepoint.com/:b:/p/bonnie_stdryden2/ERZUVuYqPQRJnM5u31YLiVQBBoMrOx0skIjU6rsi29sBnA?e=4%3al617Ov&at=9 | false | | unknown |
                | https://login.microsoftonline.com/660292d2-cfd5-4a3d-b7a7-e8f7ee458a0a/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=AEFB5D6D5B4C6AC579BC6AF9C9B95BD6AD2614D0A1F37CEA%2D2699DC82E58B5210EB7D411D0B8E270BD01E3C74C4B55CECDC8C8C42B92E9A74&redirect%5Furi=https%3A%2F%2Fhilton%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=5bee21a1%2D5016%2D5000%2D31cf%2D93a753343540&sso_reload=true | false | | high |
                | https://login.microsoftonline.com/660292d2-cfd5-4a3d-b7a7-e8f7ee458a0a/oauth2/authorize?client%5Fid=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&response%5Fmode=form%5Fpost&response%5Ftype=code%20id%5Ftoken&resource=00000003%2D0000%2D0ff1%2Dce00%2D000000000000&scope=openid&nonce=AEFB5D6D5B4C6AC579BC6AF9C9B95BD6AD2614D0A1F37CEA%2D2699DC82E58B5210EB7D411D0B8E270BD01E3C74C4B55CECDC8C8C42B92E9A74&redirect%5Furi=https%3A%2F%2Fhilton%2Dmy%2Esharepoint%2Ecom%2F%5Fforms%2Fdefault%2Easpx&state=OD0w&claims=%7B%22id%5Ftoken%22%3A%7B%22xms%5Fcc%22%3A%7B%22values%22%3A%5B%22CP1%22%5D%7D%7D%7D&wsucxt=1&cobrandid=11bd8083%2D87e0%2D41b5%2Dbb78%2D0bc43c8a8e8a&client%2Drequest%2Did=5bee21a1%2D5016%2D5000%2D31cf%2D93a753343540 | false | | high |
                                              Joe Sandbox version:40.0.0 Tourmaline
                                              Analysis ID:1430586
                                              Start date and time:2024-04-23 22:48:09 +02:00
                                              Joe Sandbox product:CloudBasic
                                              Overall analysis duration:
                                              Hypervisor based Inspection enabled:false
                                              Report type:full
                                              Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                              Number of new started processes analysed:22
                                              Number of new started drivers analysed:0
                                              Number of existing processes analysed:0
                                              Number of existing drivers analysed:0
                                              Number of injected processes analysed:0
                                              Technologies:
                                              • EGA enabled
                                              Analysis Mode:stream
                                              Analysis stop reason:Timeout
                                              Sample name:EXTERNAL Bonnie St Dryden is inviting you to collaborate on One_docx(Apr 23) DOC3848493.msg
                                              Detection:MAL
                                              Classification:mal48.phis.winMSG@18/37@28/182
                                              Cookbook Comments:
                                              • Found application associated with file extension: .msg
                                              • Exclude process from analysis (whitelisted): dllhost.exe
                                              • Excluded IPs from analysis (whitelisted): 52.109.56.128, 192.229.211.108, 199.232.210.172, 52.109.8.36, 23.47.204.40, 23.47.204.24, 52.113.194.132, 74.125.138.94, 142.250.105.100, 142.250.105.113, 142.250.105.101, 142.250.105.139, 142.250.105.138, 142.250.105.102, 173.194.219.84, 34.104.35.123, 23.203.48.61, 23.203.48.19, 23.203.48.14, 23.203.48.11, 23.203.48.7, 23.203.48.64, 23.203.48.18, 23.203.48.63, 23.203.48.65, 64.233.176.95, 173.194.219.95, 142.250.105.95, 74.125.138.95, 64.233.185.95, 74.125.136.95, 172.253.124.95, 108.177.122.95, 142.251.15.95, 142.250.9.95, 64.233.177.95, 23.223.31.231, 23.223.31.204, 51.105.71.137, 172.253.124.101, 172.253.124.102, 172.253.124.100, 172.253.124.138, 172.253.124.139, 172.253.124.113, 74.125.136.100, 74.125.136.113, 74.125.136.101, 74.125.136.102, 74.125.136.139, 74.125.136.138
                                              • Excluded domains from analysis (whitelisted): omex.cdn.office.net, slscr.update.microsoft.com, e40491.dscd.akamaiedge.net, clientservices.googleapis.com, res-1.cdn.office.net, a1894.dscb.akamai.net, asia.configsvc1.live.com.akadns.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, onedscolprduks03.uksouth.cloudapp.azure.com, osiprod-cus-buff-azsc-000.centralus.cloudapp.azure.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, login.live.com, officeclient.microsoft.com, res-1.cdn.office.net-c.edgekey.net.globalredir.akadns.net, a1864.dscd.akamai.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, 192080-ipv4v6w.farm.dprodmgd105.sharepointonline.com.akadns.net, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, cus-azsc-000.roaming.officeapps.live.com, fe3cr.delivery.mp.microsoft.com, us1.roaming1.
                                              • Not all processes were analyzed, report is missing behavior information
                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                              • VT rate limit hit for: EXTERNAL Bonnie St Dryden is inviting you to collaborate on One_docx(Apr 23) DOC3848493.msg
                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):231348
                                              Entropy (8bit):4.381424169994239
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:EF7218C087716AF08C7C9A6A8E049B66
                                              SHA1:ACF4C5D5235D2FFDFBAAB38E32AB9D4A6599C650
                                              SHA-256:44C7A30842455606C735E8F1EAAD689F05C33A285152971C71ADD8F3FD28F2C6
                                              SHA-512:422DDC6DF4E9FD656BDBDDA62E6DFFB125559404B111DBA535521710FAEC087DF7FB4A6D7F9AFEBFB28F0CB4AC5E0E1D44D7EB93BB009EE474E60B0E7CE81094
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                              File Type:ASCII text, with very long lines (65536), with no line terminators
                                              Category:dropped
                                              Size (bytes):322260
                                              Entropy (8bit):4.000299760592446
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:CC90D669144261B198DEAD45AA266572
                                              SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                                              SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                                              SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                              File Type:ASCII text, with no line terminators
                                              Category:dropped
                                              Size (bytes):10
                                              Entropy (8bit):2.4464393446710155
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:99A34A38C9222BA5080EFF5AECB3715E
                                              SHA1:5BEC15A0489A234DB2C7800AA6227C6F75972ACD
                                              SHA-256:AE8F76DA472256A3A43C9872A92CD71EDB16955306BCF65158A7D0F0217DE81D
                                              SHA-512:4CD548D9B542FFCAC8C8D39153A22280420C2A4CC52214EF06E9B20D360E13AF1D2D70245F14FA17BA56F950F2A03C1E66DF379AAFB046638468233AFB851764
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:1713905337
                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):166203
                                              Entropy (8bit):5.340919058952879
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:45FC23838AA30F62FC06255BE415F2C9
                                              SHA1:8ED4AC4ACC007E03EC8D1512FC71CFFC31E70EF0
                                              SHA-256:ABFBE38C2E92512601DB02AD30E9EB6F49CFCC9E327646C1CD9C6E872FA695BD
                                              SHA-512:7AA927212F75A925DDA044805519F391E0113C905A219A54F3084792F434612CBBB4E47C98B3DEF275AD8788F941B44CF41B3E9AB29ADBD347A834912447819F
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-04-23T20:48:56">.. Build: 16.0.17609.40129-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[MAX.ResourceId]" o:authorityUrl="[ADALAuth
                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                              File Type:SQLite Rollback Journal
                                              Category:dropped
                                              Size (bytes):4616
                                              Entropy (8bit):0.13760166725504608
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:C6814EDC8F3AB65BA0BB4F9223C2A4EF
                                              SHA1:5FBEC8576A89275C9AC4EDA4DF92A95F1D6AF6A7
                                              SHA-256:261259E5AD7929F099D77E88C298F63A8EB7CA99069BE66D62CF1C6F08CE02B5
                                              SHA-512:8FB757739541661822C0B22CB2179CFC9A4D701113791C4E6878E250965E868C5F9EEB328C3FCBCFF401BAFDFE4697141E106B69D4C8B99AE70E89B3C9E20F79
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):30
                                              Entropy (8bit):1.2389205950315936
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:BC0B2891CDC938E3D24655442AE03BF6
                                              SHA1:76A7D3A3C0EAECBF05EFB5338F0C84EC3213B9A7
                                              SHA-256:0C9353E64EFADDBF1A67EB48F1141BFC7C49F81F3C45AA3A487440CEF9D4D760
                                              SHA-512:E2B04DB6B35025C5EF8688F8B8D4A57B73F64002AC3678B322E12E5C9B457AB5D35B1DCB4720F74518549840820F6D815777C881C4CDAF3BED8DDA99DA02802D
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 19:49:02 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                              Category:dropped
                                              Size (bytes):2677
                                              Entropy (8bit):3.99720014530738
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:4A0582209357469E7485F175FAFE1861
                                              SHA1:297C94AB6ED10562AAED1C6E24F2385B27B1D1AD
                                              SHA-256:DA846BF807C561D8EA092BED8BAE3CEB0B0E1396218FE487B0990972FCC4653B
                                              SHA-512:2857C78EA5EC7768F78F672E89A9E77882256D91C4A1BC86711CC03AA7030BA417B4854CCC004825A4567439CB3994982EFE08CA1CE77A8239A9032245BD31F4
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 19:49:02 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                              Category:dropped
                                              Size (bytes):2679
                                              Entropy (8bit):4.010583710122253
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:C1DA22992A58EACD26902A68F9DF1F8F
                                              SHA1:824522E55D142BB9342EB12688F1B4C1F3C220BA
                                              SHA-256:2064407D68887171DC02975959F988867CFC37ED56F0509BE3CD3BD42F4A3964
                                              SHA-512:A67A728425068D4E185AD941611C052BA29D2D67ABC7EBEFC7D8F8DF321833FC2F630BFFEC27D52688A353A5CF2443AA18F5DCF20E635070441F47AAD84EBFE4
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                              Category:dropped
                                              Size (bytes):2693
                                              Entropy (8bit):4.018142590909322
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:E947FDB18D1FA622711421E03A94044C
                                              SHA1:461ABBD7668F2BEE1F423F488524C62B90680C7E
                                              SHA-256:330678B3EB789C8D3DA89A8E0F6454AB85FDE5318E94E29B60DD441C342D9FF3
                                              SHA-512:3780EE7EB0F058ECE5327BB5D574F9D69B925EE6A94EE52E81A788CC8CA5AA0822428D31B303075BF6659044A1E954F542B9E2C2EAE5B83169A24FA03263E6FF
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 19:49:02 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                              Category:dropped
                                              Size (bytes):2681
                                              Entropy (8bit):4.011699182453965
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:02BE4502447B0ED6582FA77DB503B90B
                                              SHA1:644AFDDE0030EF67DDA670401C7C185D7E352B97
                                              SHA-256:FA4AB071AC0FA282961880FC78332A9C05BCC7BEEABFA30B415C9FF4489D2ECF
                                              SHA-512:41CC14CFE745E2DB68A72BE0D1417B4F820503DA8C031463A81983F682E4F9313ED28559EA9A397621976273B738E987DE9694DBFCD03E842BFE8FB294D9485F
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 19:49:02 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                              Category:dropped
                                              Size (bytes):2681
                                              Entropy (8bit):4.002229410944275
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:0E58779B01A9AF983FD98C0D36317599
                                              SHA1:60B06DF46FD6D321FC380139643B3CB4A9A804A5
                                              SHA-256:C0F5713BE5CE4812B61549E3F456936FB999820A79504AB089485DA201574CC6
                                              SHA-512:5547010136FFAF9D76C7590A2E62E1782C0C1640285597756E74B71B1333C7C845ADFC538C78A225D89102148FDF0EDFDD2BCB63BAC05F08F5426A7A49452D24
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 23 19:49:02 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                              Category:dropped
                                              Size (bytes):2683
                                              Entropy (8bit):4.012940249059456
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:A354F20B0E8AA4ACC1CA3504898BC52D
                                              SHA1:236F66584E9D631D83C7EAF9696FAC0582617F85
                                              SHA-256:3E48AE371CE673A8FF123C208DB276579EF806591EB084A85714CB96C9D35521
                                              SHA-512:E3665A813BED422975D171F7266AB17632A3E78CBDC8C5403586628473A35FD80BA81BC74DF3FFD11CF9202406DFB29266E681A5AA1AAE07974F73F0881219F3
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:HTML document, ASCII text, with very long lines (2345), with CRLF line terminators
                                              Category:downloaded
                                              Size (bytes):2347
                                              Entropy (8bit):5.290031538794594
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:E86EF8B6111E5FB1D1665BCDC90888C9
                                              SHA1:994BF7651CB967CD9053056AF2D69ACB74DB7F29
                                              SHA-256:3410242720DE50B090D07A23AEE2DAD879B31D36F2615732962EC4CFA8A9D458
                                              SHA-512:2486B491681EE91A9CD1ECC9AA011A3FB34B48358C5D7A4D503A5357BC5CE4CA22999F918D40AC60A3063940D5F326FC7E4E5713D89D5C102DE68824E371B3AB
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://login.live.com/Me.htm?v=3
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:GIF image data, version 89a, 352 x 3
                                              Category:dropped
                                              Size (bytes):2672
                                              Entropy (8bit):6.640973516071413
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:166DE53471265253AB3A456DEFE6DA23
                                              SHA1:17C6DF4D7CCF1FA2C9EFD716FBAE0FC2C71C8D6D
                                              SHA-256:A46201581A7C7C667FD42787CD1E9ADF2F6BF809EFB7596E61A03E8DBA9ADA13
                                              SHA-512:80978C1D262BC225A8BA1758DF546E27B5BE8D84CBCF7E6044910E5E05E04AFFEFEC3C0DA0818145EB8A917E1A8D90F4BAC833B64A1F6DE97AD3D5FC80A02308
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with CRLF line terminators
                                              Category:downloaded
                                              Size (bytes):23063
                                              Entropy (8bit):4.7535440881548165
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:90EA7274F19755002360945D54C2A0D7
                                              SHA1:647B5D8BF7D119A2C97895363A07A0C6EB8CD284
                                              SHA-256:40732E9DCFA704CF615E4691BB07AECFD1CC5E063220A46E4A7FF6560C77F5DB
                                              SHA-512:7474667800FF52A0031029CC338F81E1586F237EB07A49183008C8EC44A8F67B37E5E896573F089A50283DF96A1C8F185E53D667741331B647894532669E2C07
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://hilton-my.sharepoint.com/WebResource.axd?d=koSfsUcQXARctMaEjcwN46CF4S7_PF4JumDkN-397nICEZx5gKDfLN47jJ2elK5vlRBHkbjd5eSsNLThxi4yWuncn55Jt7OuHgGTaKqogpc1&t=638449966421100877
                                              Preview:function WebForm_PostBackOptions(eventTarget, eventArgument, validation, validationGroup, actionUrl, trackFocus, clientSubmit) {.. this.eventTarget = eventTarget;.. this.eventArgument = eventArgument;.. this.validation = validation;.. this.validationGroup = validationGroup;.. this.actionUrl = actionUrl;.. this.trackFocus = trackFocus;.. this.clientSubmit = clientSubmit;..}..function WebForm_DoPostBackWithOptions(options) {.. var validationResult = true;.. if (options.validation) {.. if (typeof(Page_ClientValidate) == 'function') {.. validationResult = Page_ClientValidate(options.validationGroup);.. }.. }.. if (validationResult) {.. if ((typeof(options.actionUrl) != "undefined") && (options.actionUrl != null) && (options.actionUrl.length > 0)) {.. theForm.action = options.actionUrl;.. }.. if (options.trackFocus) {.. var lastFocus = theForm.elements["__LASTFOCUS"];.. if ((typeo
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:GIF image data, version 89a, 352 x 3
                                              Category:downloaded
                                              Size (bytes):3620
                                              Entropy (8bit):6.867828878374734
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:B540A8E518037192E32C4FE58BF2DBAB
                                              SHA1:3047C1DB97B86F6981E0AD2F96AF40CDF43511AF
                                              SHA-256:8737D721808655F37B333F08A90185699E7E8B9BDAAA15CDB63C8448B426F95D
                                              SHA-512:E3612D9E6809EC192F6E2D035290B730871C269A267115E4A5515CADB7E6E14E3DD4290A35ABAA8D14CF1FA3924DC76E11926AC341E0F6F372E9FC5434B546E5
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://aadcdn.msftauth.net/shared/1.0/content/images/marching_ants_986f40b5a9dc7d39ef8396797f61b323.gif
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:SVG Scalable Vector Graphics image
                                              Category:downloaded
                                              Size (bytes):1592
                                              Entropy (8bit):4.205005284721148
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:4E48046CE74F4B89D45037C90576BFAC
                                              SHA1:4A41B3B51ED787F7B33294202DA72220C7CD2C32
                                              SHA-256:8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
                                              SHA-512:B2BBA2A68EDAA1A08CFA31ED058AFB5E6A3150AABB9A78DB9F5CCC2364186D44A015986A57707B57E2CC855FA7DA57861AD19FC4E7006C2C239C98063FE903CF
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://aadcdn.msftauth.net/shared/1.0/content/images/signin-options_3e3f6b73c3f310c31d2c4d131a8ab8c6.svg
                                              Preview:<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><defs><style>.a{fill:none;}.b{fill:#404040;}</style></defs><rect class="a" width="48" height="48"/><path class="b" d="M40,32.578V40H32V36H28V32H24V28.766A10.689,10.689,0,0,1,19,30a10.9,10.9,0,0,1-5.547-1.5,11.106,11.106,0,0,1-2.219-1.719A11.373,11.373,0,0,1,9.5,24.547a10.4,10.4,0,0,1-1.109-2.625A11.616,11.616,0,0,1,8,19a10.9,10.9,0,0,1,1.5-5.547,11.106,11.106,0,0,1,1.719-2.219A11.373,11.373,0,0,1,13.453,9.5a10.4,10.4,0,0,1,2.625-1.109A11.616,11.616,0,0,1,19,8a10.9,10.9,0,0,1,5.547,1.5,11.106,11.106,0,0,1,2.219,1.719A11.373,11.373,0,0,1,28.5,13.453a10.4,10.4,0,0,1,1.109,2.625A11.616,11.616,0,0,1,30,19a10.015,10.015,0,0,1-.125,1.578,10.879,10.879,0,0,1-.359,1.531Zm-2,.844L27.219,22.641a14.716,14.716,0,0,0,.562-1.782A7.751,7.751,0,0,0,28,19a8.786,8.786,0,0,0-.7-3.5,8.9,8.9,0,0,0-1.938-2.859A9.269,9.269,0,0,0,22.5,10.719,8.9,8.9,0,0,0,19,10a8.786,8.786,0,0,0-3.5.7,8.9,8.9,0,0,0-2.859,1.938A9.269,9.269,0,0,0,
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (65329), with CRLF line terminators
                                              Category:downloaded
                                              Size (bytes):102801
                                              Entropy (8bit):5.336080509196147
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:C89EAA5B28DF1E17376BE71D71649173
                                              SHA1:2B34DF4C66BB57DE5A24A2EF0896271DFCA4F4CD
                                              SHA-256:66B804E7A96A87C11E1DD74EA04AC2285DF5AD9043F48046C3E5000114D39B1C
                                              SHA-512:B73D56304986CD587DA17BEBF21341B450D41861824102CC53885D863B118F6FDF2456B20791B9A7AE56DF91403F342550AF9E46F7401429FBA1D4A15A6BD3C0
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://hilton-my.sharepoint.com/ScriptResource.axd?d=xPtVlJAxCZTX8aw-5CM98Uz6DNjcGGeHHEGjfqk7ebuC4ji_Q_gO9Rj2KNkU3iYfl35m6lE0_EVMT7nM3g2BzmmVVX5Pyz2qkX1sLIed2I5rfq1v0U4gfNaRotqysfdsJHCLDuxXGTj3bXg5HBuLXKlGzREQNXvztKM4DM2YNnKcbsoOx6NCwpHCMGnD07GW0&t=722fe453
                                              Preview://----------------------------------------------------------..// Copyright (C) Microsoft Corporation. All rights reserved...//----------------------------------------------------------..// MicrosoftAjax.js..Function.__typeName="Function";Function.__class=true;Function.createCallback=function(b,a){return function(){var e=arguments.length;if(e>0){var d=[];for(var c=0;c<e;c++)d[c]=arguments[c];d[e]=a;return b.apply(this,d)}return b.call(this,a)}};Function.createDelegate=function(a,b){return function(){return b.apply(a,arguments)}};Function.emptyFunction=Function.emptyMethod=function(){};Function.validateParameters=function(c,b,a){return Function._validateParams(c,b,a)};Function._validateParams=function(g,e,c){var a,d=e.length;c=c||typeof c==="undefined";a=Function._validateParameterCount(g,e,c);if(a){a.popStackFrame();return a}for(var b=0,i=g.length;b<i;b++){var f=e[Math.min(b,d-1)],h=f.name;if(f.parameterArray)h+="["+(b-d+1)+"]";else if(!c&&b>=d)break;a=Function._validateParameter(g[b],f
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (45563)
                                              Category:downloaded
                                              Size (bytes):141339
                                              Entropy (8bit):5.431048966728945
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:0A1A5BA009FB1F25E3F3D036D8CF26CE
                                              SHA1:8E9E6A11CED0807252C34DCA1D8C7C2390D1A5CA
                                              SHA-256:94153F2A6DAAE35DFCB61DC987E2D4310B7CA021E36375E87D8B8C641C0C6121
                                              SHA-512:018FA3AD6DCC5DD17258334C2AD5BD0CE4E6AC278A340EE9F0147EC3084B56D0BC5F7224DAF950E89B53828FF57737E1DB1539DCE2B3E7967FE40971677CDFB4
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://aadcdn.msftauth.net/shared/1.0/content/js/BssoInterrupt_Core_ChpboAn7HyXj89A22M8mzg2.js
                                              Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */!function(e){function n(n){for(var t,r,i=n[0],a=n[1],s=0,u=[];s<i.length;s++)
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (39257), with CRLF line terminators
                                              Category:downloaded
                                              Size (bytes):40326
                                              Entropy (8bit):5.245555585297941
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:DA9DC1C32E89C02FC1E9EEB7E5AAB91E
                                              SHA1:3EFB110EFA6068CE6B586A67F87DA5125310BC30
                                              SHA-256:398CDF1B27EF247E5BC77805F266BB441E60355463FC3D1776F41AAE58B08CF1
                                              SHA-512:D4730EBC4CA62624B8300E292F27FD79D42A9277E409545DF7DC916189ED9DF13E46FAA37E3924B85A7C7EA8C76BF65A05ECA69B4029B550430536EC6DF8552A
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://hilton-my.sharepoint.com/ScriptResource.axd?d=auyL-6iHsEflE6kBghhhuqt8rRWhBdkB-h_DmmXHj6tHVH51yro6aTekFV-4NbmaNqarzi5l40nuFjPiMxE-teSEa2o0uMuoPRITvdSUpBhBpBEz-z3Owj7d7eEqTj-i8WLqt8PMwHOSJ-buVaG2-FlG4hWTZkeO7ddzbvS2-Go3lOSdQjL1a4g-kTra0FJK0&t=722fe453
                                              Preview://----------------------------------------------------------..// Copyright (C) Microsoft Corporation. All rights reserved...//----------------------------------------------------------..// MicrosoftAjaxWebForms.js..Type._registerScript("MicrosoftAjaxWebForms.js",["MicrosoftAjaxCore.js","MicrosoftAjaxSerialization.js","MicrosoftAjaxNetwork.js","MicrosoftAjaxComponentModel.js"]);Type.registerNamespace("Sys.WebForms");Sys.WebForms.BeginRequestEventArgs=function(c,b,a){Sys.WebForms.BeginRequestEventArgs.initializeBase(this);this._request=c;this._postBackElement=b;this._updatePanelsToUpdate=a};Sys.WebForms.BeginRequestEventArgs.prototype={get_postBackElement:function(){return this._postBackElement},get_request:function(){return this._request},get_updatePanelsToUpdate:function(){return this._updatePanelsToUpdate?Array.clone(this._updatePanelsToUpdate):[]}};Sys.WebForms.BeginRequestEventArgs.registerClass("Sys.WebForms.BeginRequestEventArgs",Sys.EventArgs);Sys.WebForms.EndRequestEventArgs=fun
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (37521)
                                              Category:downloaded
                                              Size (bytes):40512
                                              Entropy (8bit):5.386940389855492
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:DA189C62F9997EDD2FE2A507E459B4D4
                                              SHA1:4D1FA07A44768BF96B0A0B36B23818630185FE11
                                              SHA-256:D2BE00AAB70C67C0B1655B46FA495009BD6868988238BFED00A2F6D26A616259
                                              SHA-512:24F32A2D618DC23D6A655126DFDE03A52813E6280B6708881D7E188001275B5AC39E16E5B18333413E887E02A1079D78E61DA92FA72E8EAE7CFFF8DC2251989C
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://res-1.cdn.office.net/files/odsp-web-prod_2024-04-12.003/spoguestaccesswebpack/spoguestaccess.js
                                              Preview:/*! For license information please see spoguestaccess.js.LICENSE.txt */.document.currentScript,define("@fluentui/react-file-type-icons",[],()=>{var e;return(()=>{"use strict";var t=[e=>{var t=Object.getOwnPropertySymbols,n=Object.prototype.hasOwnProperty,a=Object.prototype.propertyIsEnumerable;function i(e){if(null==e)throw new TypeError("Object.assign cannot be called with null or undefined");return Object(e)}e.exports=function(){try{if(!Object.assign)return!1;var e=new String("abc");if(e[5]="de","5"===Object.getOwnPropertyNames(e)[0])return!1;for(var t={},n=0;n<10;n++)t["_"+String.fromCharCode(n)]=n;if("0123456789"!==Object.getOwnPropertyNames(t).map(function(e){return t[e]}).join(""))return!1;var a={};return"abcdefghijklmnopqrst".split("").forEach(function(e){a[e]=e}),"abcdefghijklmnopqrst"===Object.keys(Object.assign({},a)).join("")}catch(e){return!1}}()?Object.assign:function(e,r){for(var o,s,c=i(e),d=1;d<arguments.length;d++){for(var l in o=Object(arguments[d]))n.call(o,l)&&(c[l]
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:HTML document, ASCII text, with very long lines (30522), with CRLF, LF line terminators
                                              Category:downloaded
                                              Size (bytes):68863
                                              Entropy (8bit):5.662597610545214
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:56A3C1DB2656C9BA9221D11343E3D514
                                              SHA1:86A7ECD2C59CAB21B1BEE1D59C3BB659A1A82EE3
                                              SHA-256:8880B205CDBAA69FAE61F0F59E1E285D7A7FDD11CA47DAB62D35CCAC959A450F
                                              SHA-512:ADEC99211A5D700AA7CD6FAAAABC697D99BA8F5C7DD4E5703D0B12C53361EDF5AA9E7C6D8FF1DF9760B97E49D7DE043B308B4DAFCE33A98911E079DB0AC93CFA
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://hilton-my.sharepoint.com/:b:/p/bonnie_stdryden2/ERZUVuYqPQRJnM5u31YLiVQBBoMrOx0skIjU6rsi29sBnA?e=4%3al617Ov&at=9
                                              Preview:..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns:o="urn:schemas-microsoft-com:office:office" lang="en-us" dir="ltr">..<head><meta name="GENERATOR" content="Microsoft SharePoint" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta http-equiv="Expires" content="0" /><meta name="Robots" content="NOHTMLINDEX" /><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" /><meta http-equiv="X-UA-Compatible" content="IE=edge" /><link id="favicon" rel="shortcut icon" href="/_layouts/15/images/favicon.ico?rev=47" type="image/vnd.microsoft.icon" /><title>...Sharing Link Validation..</title>...<style type="text/css" media="screen, print, projection">....html{line-height:1.15;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,footer,header,nav,section{display:block}h1{font-size:2em;margin:.67em 0}figcaption,figure,ma
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1500x1013, components 3
                                              Category:dropped
                                              Size (bytes):203584
                                              Entropy (8bit):7.630350360666162
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:919CA8A14EFFD2F04B9A699D3AA9F3E4
                                              SHA1:8CAEF3D79DF9362839F5387F407F416A6DE400A5
                                              SHA-256:26370C261D99A3BB96A2174EEEC2DE1C99F7534BE9A50EF348DDA55DEE28EAA4
                                              SHA-512:A6278581B591AEDB396585220463209F8606DFF0DA5393CCEC5D69743A5A58B65E53E05494990EFFA5C947E0DBB8861925B223854E07F4B32605951A17875768
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:downloaded
                                              Size (bytes):36
                                              Entropy (8bit):4.503258334775644
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:06B313E93DD76909460FBFC0CD98CB6B
                                              SHA1:C4F9B2BBD840A4328F85F54873C434336A193888
                                              SHA-256:B4532478707B495D0BB1C21C314AEF959DD1A5E0F66E52DAD5FC332C8B697CBA
                                              SHA-512:EFD7E8195D9C126883C71FED3EFEDE55916848B784F8434ED2677DF5004436F7EDE9F80277CB4675C4DEB8F243B2705A3806B412FAA8842E039E9DC467C11645
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSFwmCAmly1gHbXRIFDdFbUVISBQ1Xevf9?alt=proto
                                              Preview:ChgKDQ3RW1FSGgQIVhgCIAEKBw1Xevf9GgA=
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
                                              Category:downloaded
                                              Size (bytes):17174
                                              Entropy (8bit):2.9129715116732746
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:12E3DAC858061D088023B2BD48E2FA96
                                              SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
                                              SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
                                              SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with no line terminators
                                              Category:downloaded
                                              Size (bytes):16
                                              Entropy (8bit):3.702819531114783
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:858372DD32511CB4DD08E48A93B4F175
                                              SHA1:CE4555B7B2EFBBD644D8E34CF3453A0E8CAA3C43
                                              SHA-256:3D18F3E1469C83D62CF3A39BA93F8EAA5B22447FE630E59F39DC1B7747635359
                                              SHA-512:6A57E0D4A1C23CB693AA9312F6FDAA1FC4309B5BC91D1B2279B5792BEE3534749FD3693C19AA95E0768800472D11D438EC3116F337679A249C28BE0E038E6DE0
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSEAnrTEd_x5ajuhIFDfSCVyI=?alt=proto
                                              Preview:CgkKBw30glciGgA=
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (64612)
                                              Category:downloaded
                                              Size (bytes):113657
                                              Entropy (8bit):5.491599164368304
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:5B0E3778C74235B06DA49808DD8DF90A
                                              SHA1:AD25897B0870B81568412F55B19898E406CC11B3
                                              SHA-256:7530B843A86F3155CE07CDA787A40DA87052664B09C22F3D4DB5E9238664DBE0
                                              SHA-512:EE1FB8F232311A45A10D2CC2A8F19B6C8F86ECE52688F909B0928C0F65AE0953EB2176D0ADEA893A371300D0E3FEE7AF046865D48FFC2812B3440D01ADAEB727
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pstringcustomizationhelper_eb638da25d4055fbbb57.js
                                              Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp||[]).push([[37],{487:function(e,t,r
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (61177)
                                              Category:downloaded
                                              Size (bytes):113084
                                              Entropy (8bit):5.285180915082997
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:D62B4EDEB512B07ABEF4688E27ECDDE3
                                              SHA1:981A7825DA5E29938AB6FE0CBFE2DB622F7B8333
                                              SHA-256:4B01A0A34CE8ED4BC8A8713BE0442D49DA6A756236B7B4424622CA3DEE820F41
                                              SHA-512:6E91B285BEA8566EBB7829F592744A6706CF6498E6D5DC1C5A0EBDD0A685D767AA215B275A88568B957E6BE824AEE60521ED1D77D92A697A3CE0F446ECDCDDB9
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css
                                              Preview:/*! Copyright (C) Microsoft Corporation. All rights reserved. *//*!.------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------..This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise...//-----------------------------------------------------------------------------.twbs-bootstrap-sass (3.3.0).//-----------------------------------------------------------------------------..The MIT License (MIT)..Copyright (c) 2013 Twitter, Inc..Permission is hereby granted, free of charge, to any person
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text
                                              Category:downloaded
                                              Size (bytes):215
                                              Entropy (8bit):5.276365882609613
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:CC5921A62A8A12B96E1AC6C8B067F554
                                              SHA1:7765894D3E1740D6CB774615EBA020764F4F64A2
                                              SHA-256:842A98587056925C8CECE5847AB8754995CD06FB7360164D75768BE345F92116
                                              SHA-512:7E2B0DDA55346C8DE227F50FCB8A1115352E7E276F6A0A5F40B777FD35E633693F0005C8538A215FE5D8F267694074DB266E3C9E0EA4F8E5EEE9B70B745E1BE5
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://res-1.cdn.office.net/files/odsp-web-prod_2024-04-12.003/@uifabric/file-type-icons/lib/initializeFileTypeIcons.js
                                              Preview:.<?xml version="1.0" encoding="utf-8"?><Error><Code>BlobNotFound</Code><Message>The specified blob does not exist..RequestId:d2ae83f0-b01e-0041-44bf-9530e4000000.Time:2024-04-23T20:48:53.9622018Z</Message></Error>
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
                                              Category:dropped
                                              Size (bytes):7886
                                              Entropy (8bit):3.9482833105763633
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:0B60F3C9E4DA6E807E808DA7360F24F2
                                              SHA1:9AFC7ABB910DE855EFB426206E547574A1E074B7
                                              SHA-256:ADDEEDEEEF393B6B1BE5BBB099B656DCD797334FF972C495CCB09CFCB1A78341
                                              SHA-512:1328363987ABBAD1B927FC95F0A3D5646184EF69D66B42F32D1185EE06603AE1A574FAC64472FB6E349C2CE99F9B54407BA72B2908CA7AB01D023EC2F47E7E80
                                              Malicious:false
                                              Reputation:unknown
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (64616)
                                              Category:downloaded
                                              Size (bytes):444227
                                              Entropy (8bit):5.449991999950224
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:8C74AB954A2C743D71C5B99C47F94C34
                                              SHA1:3FF62FDC7AD0AAA2D36EBA473DC28ECDD0F6D4E4
                                              SHA-256:B449CE27BB6C0352DC780DBA81B4D323D4808DAEEE064DD934CEC65B67BE8D46
                                              SHA-512:9BBD28D7C890DC2595A12937B0C16466DD916D6B97D217CE4FFF11E2DFB624D1B1201D41E2566C977901471B1BB2C8818C99CA1F3BCF8EFB2568C7680BBA2300
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_jHSrlUosdD1xxbmcR_lMNA2.js
                                              Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */!function(e){function n(n){for(var t,i,o=n[0],r=n[1],s=0,c=[];s<o.length;s++)
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (43896)
                                              Category:downloaded
                                              Size (bytes):223759
                                              Entropy (8bit):5.257227710687157
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:5252837FFA272234E1CBF2D3D83EF32C
                                              SHA1:CAA4E48A54A2B1CA09327E42F24F6031FDF21CDA
                                              SHA-256:DF2E852C347ECF82F70A0C8A4B91713FBB0914D58F2CBAB01316BFE646ABEE7C
                                              SHA-512:523C59BC0D2861B8F35A8D46E52C935A26001B2A2EF8197F7F6DBFC38E8F0D51A5D3753FD4F0DCCD68DA08505D3313AFCFA7CB236E0363EDA4856D41F05A233A
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pcustomizationloader_7f0a8c2a247460fad87f.js
                                              Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp||[]).push([[8],{528:function(e,t,r)
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:Unicode text, UTF-8 text, with very long lines (32153)
                                              Category:downloaded
                                              Size (bytes):55071
                                              Entropy (8bit):5.379765697692697
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:976055749170B7AF7B5F38AE857A56B2
                                              SHA1:E3D736B8BC648B97AA403A7283ED6985A6FCF6B2
                                              SHA-256:190D2504B5C2EFE44DCE83474157D309A62DF8FA2B6BDF5D52B2CDDC1EB9E0D7
                                              SHA-512:0C6F404D513B25F6541D324243425D2D3B9C5D3BBC71D49628E9B782DDB315F4532830D4B5739EBF183A7C85DBC79A8382EBAD116272B812D9ABC79170E46AE2
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_l2bvdjfwt697xziuhxpwsg2.js
                                              Preview:!function(e){function o(n){if(i[n])return i[n].exports;var t=i[n]={exports:{},id:n,loaded:!1};return e[n].call(t.exports,t,t.exports,o),t.loaded=!0,t.exports}var i={};return o.m=e,o.c=i,o.p="",o(0)}([function(e,o,i){i(2);var n=i(1),t=i(5),r=i(6),a=r.StringsVariantId,s=r.AllowedIdentitiesType;n.registerSource("str",function(e,o){if(e.WF_STR_SignupLink_AriaLabel_Text="Create a Microsoft account",e.WF_STR_SignupLink_AriaLabel_Generic_Text="Create a new account",e.CT_STR_CookieBanner_Link_AriaLabel="Learn more about Microsoft's Cookie Policy",e.WF_STR_HeaderDefault_Title=o.iLoginStringsVariantId===a.CombinedSigninSignupV2WelcomeTitle?"Welcome":"Sign in",e.STR_Footer_IcpLicense_Text=".ICP.13015306.-10",o.oAppCobranding&&o.oAppCobranding.friendlyAppName){var i=o.fBreakBrandingSigninString?"to continue to {0}":"Continue to {0}";e.WF_STR_App_Title=t.format(i,o.oAppCobranding.friendlyAppName)}switch(o.oAppCobranding&&o.oAppCobranding.signinDescription&&(e.WF_STR_Default_Desc=o.oAppCobrand
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:HTML document, ASCII text, with very long lines (30522), with CRLF, LF line terminators
                                              Category:downloaded
                                              Size (bytes):68687
                                              Entropy (8bit):5.663392745908421
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:0BC429C8DE9299208CE1674661440332
                                              SHA1:0D27CD89719CC9BB94E6AE6425EEE7E6B50FEDA0
                                              SHA-256:F2CD8E6CBF4EA37E3ADD06DDC2EE1FF0CBEAB0D98050BCB1DF01BD3897425E59
                                              SHA-512:EC419FBBAFAD8F5B148A31F8A289FD553D00812FD6672B654852DDA4851A2FFC4ED6BD7D9643144C591E0E98865185F6FF7C1D48F8F7EB7C151C42A3EC6CF3C9
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://hilton-my.sharepoint.com/personal/bonnie_stdryden2_hilton_com/_layouts/15/guestaccess.aspx?e=4%3al617Ov&at=9&share=ERZUVuYqPQRJnM5u31YLiVQBBoMrOx0skIjU6rsi29sBnA
                                              Preview:..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns:o="urn:schemas-microsoft-com:office:office" lang="en-us" dir="ltr">..<head><meta name="GENERATOR" content="Microsoft SharePoint" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta http-equiv="Expires" content="0" /><meta name="Robots" content="NOHTMLINDEX" /><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" /><meta http-equiv="X-UA-Compatible" content="IE=edge" /><link id="favicon" rel="shortcut icon" href="/_layouts/15/images/favicon.ico?rev=47" type="image/vnd.microsoft.icon" /><title>...Sharing Link Validation..</title>...<style type="text/css" media="screen, print, projection">....html{line-height:1.15;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,footer,header,nav,section{display:block}h1{font-size:2em;margin:.67em 0}figcaption,figure,ma
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (17444)
                                              Category:downloaded
                                              Size (bytes):17672
                                              Entropy (8bit):5.233316811547578
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:6EFDDF589864D2E146A55C01C6764A35
                                              SHA1:EFA8BBA46CB97877EEC5430C43F0AC32585B6B2F
                                              SHA-256:2D92F0CE8491D2F9A27EA16D261A15089C4A9BE879D1EEDCB6F4A3859E7F1999
                                              SHA-512:1AFC735660AAE010C04EF89C732D08EBA1B87BE6048164F273BEAEBECA3F30062812B4CD141DDF0291A6AB54F730875D597678A3564C0EED2AAC11E5400F951A
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://res-1.cdn.office.net/bld/_layouts/15/16.0.24803.12007/require.js
                                              Preview:/** vim: et:ts=4:sw=4:sts=4. * @license RequireJS 2.1.22 Copyright (c) 2010-2015, The Dojo Foundation All Rights Reserved.. * Available via the MIT or new BSD license.. * see: http://github.com/jrburke/requirejs for details. */.var requirejs,require,define;!function(global){function isFunction(e){return"[object Function]"===ostring.call(e)}function isArray(e){return"[object Array]"===ostring.call(e)}function each(e,t){if(e){var r;for(r=0;r<e.length&&(!e[r]||!t(e[r],r,e));r+=1);}}function eachReverse(e,t){if(e){var r;for(r=e.length-1;r>-1&&(!e[r]||!t(e[r],r,e));r-=1);}}function hasProp(e,t){return hasOwn.call(e,t)}function getOwn(e,t){return hasProp(e,t)&&e[t]}function eachProp(e,t){var r;for(r in e)if(hasProp(e,r)&&t(e[r],r))break}function mixin(e,t,r,i){return t&&eachProp(t,function(t,n){(r||!hasProp(e,n))&&(!i||"object"!=typeof t||!t||isArray(t)||isFunction(t)||t instanceof RegExp?e[n]=t:(e[n]||(e[n]={}),mixin(e[n],t,r,i)))}),e}function bind(e,t){return function(){return t.apply(e,ar
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with very long lines (14735)
                                              Category:downloaded
                                              Size (bytes):15708
                                              Entropy (8bit):5.364262866906095
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:82B3E71D28044021BF3BBA30A8B1B613
                                              SHA1:508FD0047F49E7965707F0B58708A59D6A62C528
                                              SHA-256:49BD3382F2D2C171947474FC65B701DED717BF69A6E88505B84DA1D69B3C2F1E
                                              SHA-512:5393810DAE66111F7CFCE77BF46CAE3EE3D4153B5FDBA12AB9B1D8A7095A5DD883C7EE09E0A177D6E1BE3DA2D53A0A64798A51EEE6DAC1D54FB42A8F23C9B553
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_4d4b76a02ae121e3b20c.js
                                              Preview:/*!. * ------------------------------------------- START OF THIRD PARTY NOTICE -----------------------------------------. * . * This file is based on or incorporates material from the projects listed below (Third Party IP). The original copyright notice and the license under which Microsoft received such Third Party IP, are set forth below. Such licenses and notices are provided for informational purposes only. Microsoft licenses the Third Party IP to you under the licensing terms for the Microsoft product. Microsoft reserves all other rights not expressly granted under this agreement, whether by implication, estoppel or otherwise.. * . * json2.js (2016-05-01). * https://github.com/douglascrockford/JSON-js. * License: Public Domain. * . * Provided for Informational Purposes Only. * . * ----------------------------------------------- END OF THIRD PARTY NOTICE ------------------------------------------. */.(window.webpackJsonp=window.webpackJsonp||[]).push([[17],{514:function(e,n,s
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:ASCII text, with CRLF line terminators
                                              Category:downloaded
                                              Size (bytes):26951
                                              Entropy (8bit):4.514992390210281
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:B3D7A123BE5203A1A3F0F10233ED373F
                                              SHA1:F4C61F321D8F79A805B356C6EC94090C0D96215C
                                              SHA-256:EF9453F74B2617D43DCEF4242CF5845101FCFB57289C81BCEB20042B0023A192
                                              SHA-512:A01BFE8546E59C8AF83280A795B3F56DFA23D556B992813A4EB70089E80621686C7B51EE87B3109502667CAF1F95CBCA074BF607E543A0390BF6F8BB3ECD992B
                                              Malicious:false
                                              Reputation:unknown
                                              URL:https://hilton-my.sharepoint.com/ScriptResource.axd?d=j1emC48oTDBdn7GSMI1bdC9OIM9nNcmwAdvGC1H6CQjcWwPiq2dQqguLMwSooOiof8znyO5__0ABhuXLuIE_WHri2BK7Bzgv1m8rKDLZPAvg3O0rfsz9lzBaHvBzbYkvXFneGMHlIUl7uzjvHXgcTOOdxqQjM8bbH_6JWdQIWjc1&t=fffffffff37b5a97
                                              Preview:var Page_ValidationVer = "125";..var Page_IsValid = true;..var Page_BlockSubmit = false;..var Page_InvalidControlToBeFocused = null;..var Page_TextTypes = /^(text|password|file|search|tel|url|email|number|range|color|datetime|date|month|week|time|datetime-local)$/i;..function ValidatorUpdateDisplay(val) {.. if (typeof(val.display) == "string") {.. if (val.display == "None") {.. return;.. }.. if (val.display == "Dynamic") {.. val.style.display = val.isvalid ? "none" : "inline";.. return;.. }.. }.. if ((navigator.userAgent.indexOf("Mac") > -1) &&.. (navigator.userAgent.indexOf("MSIE") > -1)) {.. val.style.display = "inline";.. }.. val.style.visibility = val.isvalid ? "hidden" : "visible";..}..function ValidatorUpdateIsValid() {.. Page_IsValid = AllValidatorsValid(Page_Validators);..}..function AllValidatorsValid(validators) {.. if ((typeof(validators) != "undefined") && (validators != null)) {
                                              File type:CDFV2 Microsoft Outlook Message
                                              Entropy (8bit):4.741707305398891
                                              TrID:
                                              • Outlook Message (71009/1) 45.36%
                                              • Outlook Form Template (41509/1) 26.51%
                                              • ClickyMouse macro set (36024/1) 23.01%
                                              • Generic OLE2 / Multistream Compound File (8008/1) 5.12%
                                              File name:EXTERNAL Bonnie St Dryden is inviting you to collaborate on One_docx(Apr 23) DOC3848493.msg
                                              File size:151'552 bytes
                                              MD5:1e81508d7f63b72b6ac2e12b2abd691a
                                              SHA1:8344246f332e5efdc4f1ecb82bde0939131939c5
                                              SHA256:5afe7e917f3036d18c1d55aaf47d8716fb0fa7fdfbcc907da1ffe387ce07a5e4
                                              SHA512:ca8b7e3562b40a4f1e04a6a842a08bafda020dc6e7f74ca2294c024f58cb6aa8fc7060744f38b2b91138bc0e08743904237e667c199de6a41b7944be1dbe9e6f
                                              SSDEEP:3072:of7yv84Xc/KAA4kGs3HMXdyFH56aIqTZuz:g7UXcCtIYiyWaVdm
                                              TLSH:B8E3752039FB5109F1B7EF354EE69097893BBD92AE15965F2091330E0672941ECA1B3F
                                              Subject:[EXTERNAL] Bonnie St Dryden is inviting you to collaborate on One_docx(Apr 23) DOC3848493
                                              From:Bonnie St Dryden <Bonnie.StDryden2@Hilton.com>
                                              To:"chmoore@ddcaz.com" <chmoore@ddcaz.com>
                                              Cc:
                                              BCC:
                                              Date:Tue, 23 Apr 2024 22:38:26 +0200
                                              Communications:
                                              • This email originated from OUTSIDE of Desert Diamond. Do not click links or open attachments unless you recognize the sender and know the content is safe. If in doubt click the Report Phish button at top right of the Outlook Home Ribbon . ________________________________ Bonnie St Dryden shared a file with you Here's the document that Bonnie St Dryden shared with you. <https://hilton-my.sharepoint.com:443/:b:/p/bonnie_stdryden2/ERZUVuYqPQRJnM5u31YLiVQBBoMrOx0skIjU6rsi29sBnA?e=4%3al617Ov&at=9> One_docx(Apr 23) DOC3848493 This link only works for the direct recipients of this message. Open <https://hilton-my.sharepoint.com:443/:b:/p/bonnie_stdryden2/ERZUVuYqPQRJnM5u31YLiVQBBoMrOx0skIjU6rsi29sBnA?e=4%3al617Ov&at=9> Privacy Statement <https://aka.ms/privacy> <https://eastus2r-notifyp.svc.ms:443/api/v2/tracking/method/View?mi=sDuRBhcwI0msgkPjwlyQiA> ________________________________ This transmission is not a digital or electronic signature and cannot be used to form, document, or authenticate a contract. Hilton and its affiliates accept no liability arising in connection with this transmission. Copyright 2024 Hilton Proprietary and Confidential
                                              Attachments:
                                              • AttachedImage
                                              • AttachedImage
                                              • AttachedImage
                                              • AttachedImage
                                              • AttachedImage
                                              Key Value
                                              Received: from MWHPR1001MB2287.namprd10.prod.outlook.com
                                              via Mailbox Transport; Tue, 23 Apr 2024 13:38:31 -0700
                                              15.2.1544.4; Tue, 23 Apr 2024 13:38:30 -0700
                                              via Frontend Transport; Tue, 23 Apr 2024 13:38:30 -0700
                                              Received-SPF: Pass (mailb.desertdiamondcasino.com: domain of
                                              x-record-text="v=spf1 ip4:40.92.0.0/15 ip4:40.107.0.0/16
                                              ip4:52.100.0.0/14 ip4:104.47.0.0/17 ip6:2a01:111:f400::/48
                                              ip6:2a01:111:f403:c000::/51 ip6:2a01:111:f403:f000::/52 -all"
                                              Authentication-Results: mailb.desertdiamondcasino.com; spf=Pass smtp.mailfrom=Bonnie.StDryden2@hilton.com; spf=Pass smtp.helo=postmaster@NAM12-DM6-obe.outbound.protection.outlook.com; dkim=pass (signature verified) header.i=@hilton.com; dmarc=pass (p=quarantine dis=none) d=hilton.com
                                              X-IronPort-Anti-Spam-Filtered: true
                                              X-IronPort-AV: E=Sophos;i="6.07,222,1708412400";
                                              X-Amp-Result: UNKNOWN
                                              X-Amp-Original-Verdict: FILE UNKNOWN
                                              X-Amp-File-Uploaded: False
                                              X-IronPort-Outbreak-Status: No, level 1, Phish - Phish
                                              by mailb.desertdiamondcasino.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Apr 2024 13:38:29 -0700
                                              ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
                                              ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
                                              h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
                                              ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
                                              DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hilton.com;
                                              (2603:10b6:806:329::14) with Microsoft SMTP Server (version=TLS1_2,
                                              2024 20:38:26 +0000
                                              ([fe80::20db:b2a7:1a6a:4ce0%7]) with mapi id 15.20.7472.044; Tue, 23 Apr 2024
                                              20:38:26 +0000
                                              From: Bonnie St Dryden <Bonnie.StDryden2@Hilton.com>
                                              To: "chmoore@ddcaz.com" <chmoore@ddcaz.com>
                                              Subject: [EXTERNAL] Bonnie St Dryden is inviting you to collaborate on
                                              Thread-Index: AQHalb4xkB9q8gc5PUaNwdORE7eDLA==
                                              Date: Tue, 23 Apr 2024 20:38:26 +0000
                                              Message-ID: <Share-39ed21a1-d0ab-5000-1d7a-903d5ae5dad0-d6444095-8d25-4e94-a574-816526475dcd-5000f819-e247-4373-ae6f-5d4e73ddfff8-DispatchToRecipients-PreprocessPayload-r0-SendEmail@odspnotify>
                                              Accept-Language: en-US
                                              Content-Language: en-US
                                              X-MS-Has-Attach: yes
                                              X-MS-TNEF-Correlator:
                                              x-ms-publictraffictype: Email
                                              x-ms-traffictypediagnostic: MWHPR1001MB2287:EE_|SN7PR10MB6955:EE_
                                              x-ms-office365-filtering-correlation-id: 3c3f0f42-ea1d-4b7e-a90b-08dc63d553c8
                                              x-ms-exchange-senderadcheck: 1
                                              x-ms-exchange-antispam-relay: 0
                                              x-microsoft-antispam: BCL:0;
                                              x-microsoft-antispam-message-info: =?us-ascii?Q?dXYz83/JU8+RmuE3Vnq6OxJDIMsBsJ1whqsZLeHtlzlcTQFwzK9zqHKnoiSc?=
                                              x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MWHPR1001MB2287.namprd10.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(366007)(1800799015)(376005)(38070700009)(8002799003);DIR:OUT;SFP:1101;
                                              x-ms-exchange-antispam-messagedata-chunkcount: 1
                                              x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?TRVJVm0Bmx6MLEhb8hKmELc1gNZf6Yh3+j9jb6ATUsc64Tvu0S0OqBIvKkvV?=
                                              Content-Type: multipart/related;
                                              MIME-Version: 1.0
                                              X-MS-Exchange-CrossTenant-AuthAs: Internal
                                              X-MS-Exchange-CrossTenant-AuthSource: MWHPR1001MB2287.namprd10.prod.outlook.com
                                              X-MS-Exchange-CrossTenant-Network-Message-Id: 3c3f0f42-ea1d-4b7e-a90b-08dc63d553c8
                                              X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Apr 2024 20:38:26.4349
                                              X-MS-Exchange-CrossTenant-fromentityheader: Hosted
                                              X-MS-Exchange-CrossTenant-id: 660292d2-cfd5-4a3d-b7a7-e8f7ee458a0a
                                              X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
                                              X-MS-Exchange-CrossTenant-userprincipalname: 2ugYv3t4N6YlAiuXCOEFTbL59FCMa25WRKEYZT8/clVV4Ojk4QQPGyccYOx4fpuc8YvZhcjfsLXuzUkJ3Myes+OSE5EB6Ulut7+c0HZQpVk=
                                              X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR10MB6955
                                              Return-Path: Bonnie.StDryden2@hilton.com
                                              X-MS-Exchange-Organization-Network-Message-Id: 704613fb-513f-4e72-e786-08dc63d55666
                                              X-MS-Exchange-Organization-AVStamp-Mailbox: SYMANTEC;1;0;info
                                              X-MS-Exchange-Organization-AuthSource: tExch01.desertdiamondcasino.com
                                              X-MS-Exchange-Organization-AuthAs: Anonymous
                                              X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.3850543
                                              X-MS-Exchange-Processed-By-BccFoldering: 15.02.1544.004
                                              date: Tue, 23 Apr 2024 22:38:26 +0200

                                              Icon Hash:c4e1928eacb280a2