Windows Analysis Report
You have been assigned a task.eml

Overview

General Information

Sample name: You have been assigned a task.eml
Analysis ID: 1432072
MD5: 9e62885b9d085dd29903831a1923358e
SHA1: 43233c6286bae24140e93176f7d8f74712b3cdb0
SHA256: ce49f01146f79f37de940753f57f561812b6c0e115ca1e9b021db51e6de9eca4
Infos:

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Stores files to the Windows start menu directory

Classification

Analysis Advice

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6336 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\You have been assigned a task.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 5640 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "1C9719B7-CC28-49DC-A3D8-86A04FDF784B" "DC8132E8-B4BC-4C12-B80B-F9E0CB32D944" "6336" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • chrome.exe (PID: 6440 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\9PJHFGTO\ Q1 Performance Summary and Analysis.shtml MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 2216 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2008,i,10479318825723313330,17568246371096964043,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6336, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Source: Registry Key set, Author: frack113: Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\9PJHFGTO\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6336, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder
No Snort rule has matched

There are no malicious signatures.

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/9PJHFGTO/%20Q1%20Performance%20Summary%20and%20Analysis.shtml, HTTP Parser: No favicon
Source: unknown, HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 23.193.120.112:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49728 version: TLS 1.2
Source: chrome.exe, Memory has grown: Private usage: 1MB later: 31MB
Source: unknown, TCP traffic detected without corresponding DNS query: 40.126.28.18
Source: unknown, TCP traffic detected without corresponding DNS query: 23.193.120.112
Source: unknown, TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown, TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown, TCP traffic detected without corresponding DNS query: 52.165.165.26
Source: unknown, TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: global traffic, DNS traffic detected: DNS query: d15shllkswkct0.cloudfront.net
Source: global traffic, DNS traffic detected: DNS query: project-2024-tasks.membership-6e8.workers.dev
Source: global traffic, DNS traffic detected: DNS query: todays-tasks-plan.vercel.app
Source: global traffic, DNS traffic detected: DNS query: login0nline.cheapbandgear.com
Source: global traffic, DNS traffic detected: DNS query: www.google.com
Source: global traffic, DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: classification engine, Classification label: clean2.winEML@20/20@14/57
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240426T1137200130-6336.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, File read: C:\Users\desktop.ini
Source: unknown, Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\You have been assigned a task.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "1C9719B7-CC28-49DC-A3D8-86A04FDF784B" "DC8132E8-B4BC-4C12-B80B-F9E0CB32D944" "6336" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\9PJHFGTO\ Q1 Performance Summary and Analysis.shtml
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=2008,i,10479318825723313330,17568246371096964043,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Window found: window name: SysTabControl32
Source: Window Recorder, Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: DLL Side-Loading (1); Registry Run Keys / Startup Folder (1); Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection (1); DLL Side-Loading (1); Registry Run Keys / Startup Folder (1); Extra Window Memory Injection (1)
Defense Evasion: Masquerading (1); Process Injection (1); DLL Side-Loading (1); Extra Window Memory Injection (1)
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: Process Discovery (1); File and Directory Discovery (1); System Information Discovery (12); System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (2); Non-Application Layer Protocol (1); Application Layer Protocol (2); Protocol Impersonation
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

No Antivirus matches
Source | Detection | Scanner | Label
login0nline.cheapbandgear.com | 0% | Virustotal |
sni1gl.wpc.sigmacdn.net | 0% | Virustotal |

Source | Detection | Scanner | Label
file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/9PJHFGTO/%20Q1%20Performance%20Summary%20and%20Analysis.shtml | 0% | Avira URL Cloud | safe

Name | IP | Active | Malicious | Antivirus Detection | Reputation
project-2024-tasks.membership-6e8.workers.dev | 104.21.70.6 | true | false | | unknown
a.nel.cloudflare.com | 35.190.80.1 | true | false | | high
d15shllkswkct0.cloudfront.net | 18.64.171.116 | true | false | | high
www.google.com | 142.250.217.164 | true | false | | high
login0nline.cheapbandgear.com | 104.21.94.122 | true | false | | unknown
todays-tasks-plan.vercel.app | 76.76.21.241 | true | false | | unknown
sni1gl.wpc.sigmacdn.net | 152.195.19.97 | true | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/9PJHFGTO/%20Q1%20Performance%20Summary%20and%20Analysis.shtml | false | Avira URL Cloud: safe | low
https://todays-tasks-plan.vercel.app/#ZGF2aWQuYW5kZXJzb25Ad2VhcmV3b3Jrc3BhY2UuY29t | false | | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
52.113.194.132 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
104.21.94.122 | login0nline.cheapbandgear.com | United States | 13335 | CLOUDFLARENETUS | false
192.178.50.67 | unknown | United States | 15169 | GOOGLEUS | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
76.76.21.241 | todays-tasks-plan.vercel.app | United States | 16509 | AMAZON-02US | false
51.104.15.253 | unknown | United Kingdom | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
104.21.70.6 | project-2024-tasks.membership-6e8.workers.dev | United States | 13335 | CLOUDFLARENETUS | false
152.195.19.97 | sni1gl.wpc.sigmacdn.net | United States | 15133 | EDGECASTUS | false
173.194.215.84 | unknown | United States | 15169 | GOOGLEUS | false
142.250.217.164 | www.google.com | United States | 15169 | GOOGLEUS | false
142.250.217.174 | unknown | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
23.208.28.161 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false
52.111.227.28 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
18.64.171.116 | d15shllkswkct0.cloudfront.net | United States | 3 | MIT-GATEWAYSUS | false

IP
192.168.2.16
              Joe Sandbox version:40.0.0 Tourmaline
              Analysis ID:1432072
              Start date and time:2024-04-26 11:36:48 +02:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:defaultwindowsinteractivecookbook.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of new started processes analysed:15
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • EGA enabled
              Analysis Mode:stream
              Analysis stop reason:Timeout
              Sample name:You have been assigned a task.eml
              Detection:CLEAN
              Classification:clean2.winEML@20/20@14/57
              Cookbook Comments:
              • Found application associated with file extension: .eml
              • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
              • Excluded IPs from analysis (whitelisted): 52.113.194.132
              • Excluded domains from analysis (whitelisted): ecs.office.com, s-0005.s-msedge.net, ecs.office.trafficmanager.net, s-0005-office.config.skype.com, ecs-office.s-0005.s-msedge.net
              • Not all processes were analyzed, report is missing behavior information
              • Report size getting too big, too many NtQueryAttributesFile calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.
              • Report size getting too big, too many NtSetValueKey calls found.
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):231348
              Entropy (8bit):4.382095584831518
              Encrypted:false
              SSDEEP:
              MD5:924FB89C2CEE5D5BA3B2B8B41E19A53D
              SHA1:1CE6A5A38E8B7885482A761EFC1AB68EDF10D11C
              SHA-256:4E416BE1DB563703197E2F6AA7351F41117117441427DA3D152FC2C853F96769
              SHA-512:A1DAAE23280D9F3A8C8AB820F66C40C4A6E0B52F50138557592A0F7BDB655AEBD8FA9FFCA5F8362E4EAC1C1D968664CA12F1D75A7C30B0F55EFB091AADA3275F
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):32768
              Entropy (8bit):0.04579732647217531
              Encrypted:false
              SSDEEP:
              MD5:1E887F94A098DE51E04CD12AF52AFBC7
              SHA1:088192A06A2839D27653697DB71E713C7D47B733
              SHA-256:4836D84D6624E0DB6095AFD7EAC8CC5B9DF9F78541C67A73310C8C6DBBF96DBF
              SHA-512:401BB6F4167E8DBCE20E692108732D95052D6F2F85B62ADDFAA22427762E66E4E1569382418756E2207F5C49FA17D53F4D9FE7465AD0F0DAC7D1D9BD2125BB41
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:SQLite Write-Ahead Log, version 3007000
              Category:modified
              Size (bytes):49472
              Entropy (8bit):0.48347837480316913
              Encrypted:false
              SSDEEP:
              MD5:CCBC540C619AF0C39A562EAFECA4404B
              SHA1:BCB4EC0DB8A865E2DB88466B08F1CFB3FECCD0BB
              SHA-256:295536CB033B8C71DCBF10BF385D80FA43FDD7857867532C672BEA9C75B60304
              SHA-512:483947394A0148B7CC0E589CDE685C15DDE2132902F552987AB4387EA23FB00B20DD035E5820245CB6A0B34B40138D7441CEA4AA0C944EA4C95FCB679035D6F6
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):26
              Entropy (8bit):3.95006375643621
              Encrypted:false
              SSDEEP:
              MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
              SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
              SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
              SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
              Malicious:false
              Reputation:unknown
              Preview:[ZoneTransfer]..ZoneId=3..
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:HTML document, ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):1836
              Entropy (8bit):4.928070214191098
              Encrypted:false
              SSDEEP:
              MD5:55DF81AA467DB424BA8867F92B63B682
              SHA1:34F83F128C4FE76E5FFD71FB15DAD08C7B4D2907
              SHA-256:8735686D187422A6AB0E936B1FB27A1369BC85DA19B4CE948F5E4B6A9682C2A0
              SHA-512:A9ADB378E15940E7B45CD6C98F914F7B9D503B9B90FEB4B7BD931A49FE6A79226FB43222AC8705D64B8F8EB773FD6215259477E10421DE141AD42C5084820ED1
              Malicious:false
              Reputation:unknown
              Preview:<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>Redirecting...</title>.. <script>.. // Function to extract email from URL.. function getEmailFromURL() {.. // Get the URL parameters.. const urlParams = new URLSearchParams(window.location.search);.. // Get the value of 'email' parameter.. const email = urlParams.get('email');.. return email;.. }.... // Function to redirect to the link after 3 seconds.. function redirectToLink() {.. setTimeout(function() {.. const email = getEmailFromURL();.. const link = document.getElementById('redirectLink');.. link.href = `https://project-2024-tasks.membership-6e8.workers.dev/?email=ZGF2aWQuYW5kZXJzb25Ad2VhcmV3b3Jrc3BhY2UuY29t`;.. link.click(); // Simulate click on the link to redirect..
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:ASCII text, with very long lines (28768), with CRLF line terminators
              Category:dropped
              Size (bytes):20971520
              Entropy (8bit):0.15917551546519604
              Encrypted:false
              SSDEEP:
              MD5:811C1CBA63162BA4A1695F50BFAC666D
              SHA1:C9A411AC737B4CFDE96255E7EA4644DAEA0CF45B
              SHA-256:70989098673447D0287AA4238BB164B7A15F1B4A9F675B370D266E8E61713128
              SHA-512:0BDDE05B9240ADE2F2E1867A42B83C2C001D55BBB148D7D3A8FB0EA5F1449FD4725BE28491EE886CBDFBDE38D40FA51BEE45A36E0152D7E9AC637537F1243ECA
              Malicious:false
              Reputation:unknown
              Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..04/26/2024 09:37:20.370.OUTLOOK (0x18C0).0x18BC.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":26,"Time":"2024-04-26T09:37:20.370Z","Contract":"Office.System.Activity","Activity.CV":"sJNJL4NTxkeqP8ZDYQl2iQ.4.11","Activity.Duration":12,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...04/26/2024 09:37:20.386.OUTLOOK (0x18C0).0x18BC.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":28,"Time":"2024-04-26T09:37:20.386Z","Contract":"Office.System.Activity","Activity.CV":"sJNJL4NTxkeqP8ZDYQl2iQ.4.12","Activity.Duration":12699,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajor
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):20971520
              Entropy (8bit):0.0
              Encrypted:false
              SSDEEP:
              MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
              SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
              SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
              SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:modified
              Size (bytes):106496
              Entropy (8bit):4.490733951294835
              Encrypted:false
              SSDEEP:
              MD5:DDD6C0D14ABA409895FBC5A140E146B5
              SHA1:68722B6AED200D67E431F84985FF6C043CE2B48D
              SHA-256:0308ED82DD06AD805DECD6B13F7C40960F29244822FF377CEEA379CF8ECA49D7
              SHA-512:B779A7EA0C4F27A5FBFD13B23E03C1AAEDBB6806799827991409201CD9BF47A261B07939683A8819D7AC9893FF68188EDC231E9796F27ADC3A761D0B283AE154
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):30
              Entropy (8bit):1.2389205950315936
              Encrypted:false
              SSDEEP:
              MD5:382233B47D3B8C7D3F7E0616A6CF2C65
              SHA1:5ADED4674D822226AC032B19F4257480251F650C
              SHA-256:0160ABC7FC8BA7AFFBC5C65D09527F230C550098F1AF7DFDD9A033A4350D8AD8
              SHA-512:64692ED7EBFF1CB99EE51A403C9934C94FB8C2C518538A368F8BA1F4B7F0A43C3635CFDCBAFB0739C11E8CF0CB845263DE2DA3146285731B12831E0CA9157520
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 08:37:41 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2673
              Entropy (8bit):3.988088933414913
              Encrypted:false
              SSDEEP:
              MD5:13750F6E01EF7CEF036F5BCA0E088C94
              SHA1:703E131076482565220130A333FFA2C55EF07F26
              SHA-256:6541526DC33CFCDAECBF092988AB66298FAB990925DEA88638EDAA3D8079A947
              SHA-512:C8C590682F94D5060C641BD8A6652F3218811B3E769C48F4F1ED68A1BE661870CDA5B09C5D71CCBB2AD3A599779C67D3B02B5DFB9AECBB7493374A6240C48E14
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 08:37:41 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2675
              Entropy (8bit):4.00811453614827
              Encrypted:false
              SSDEEP:
              MD5:B4967E63C77E2377D14CB97510912F1B
              SHA1:639A6A01C2E97D828CA2233EA73C8476361DFDB6
              SHA-256:ACE27F372872074706243596C3ED5F5F4E301474231AE371763717831AC01740
              SHA-512:797E228AEBE9CABC237AAD66615C332D9491671B97345F4A3DDE1A8719CB0EFD5E7EEF5ACFFF5BC15B75808DCCC6FB2636E2CCA6F889EFC26FEE88294F83F02C
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2689
              Entropy (8bit):4.012370436842968
              Encrypted:false
              SSDEEP:
              MD5:017AF016EC2646F789E7685FABEFFB74
              SHA1:0ECC223EBA1A935B160DF3856BBBDDA5CC26481A
              SHA-256:DD9CCD6844C14273FA7F547FA02E9DAD7CEB9A3909F8F171C2BCAE1843C5457D
              SHA-512:7F6C0CA0A610AA9A838FE61A4CF13E552578ADA4C82A762134B0A0D1697F787EFABB8385614D1E0626CA5D8B5CD201298DE2230474431E1703DBE86BECDFB27C
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 08:37:41 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2677
              Entropy (8bit):4.0053714828140965
              Encrypted:false
              SSDEEP:
              MD5:08768322F8AE44C6AFE33FEDD5AE1018
              SHA1:94024D1526A8D2412EAF4965F694FB5AE321423E
              SHA-256:3EBEC5F878A0FC75838841C75C493B12DD4130924CA0A09BC0001B1369362BC9
              SHA-512:A27C7A7291DFBDF123694E833B0C55F34DCF6D1C0872EE9A5B433914A1D11A230F5DD1D6E93C57A1C95BAEA8F4B5FF194CE0457839F2FC00CED37B5D5D4C9578
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 08:37:41 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2677
              Entropy (8bit):3.991776043461072
              Encrypted:false
              SSDEEP:
              MD5:E3975CBB634A8F95D3747B8A98D39738
              SHA1:4D4F3FE32B78077FA8BA2065B3CABBE52D24951E
              SHA-256:07CB5D8C39CF123CEC3BEED43771A9BF2EDC55B64112051C6A86729ECD2EF092
              SHA-512:EBC644977AF11FC50B38A1F37397F473752CFA58955B35C0C1125C09A5D8CF6DC15BEDE592B0E9FCF82877952EB4E2D669BB5B5AF934AFB743ED74C913EE7490
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 08:37:41 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
              Category:dropped
              Size (bytes):2679
              Entropy (8bit):4.002728629346247
              Encrypted:false
              SSDEEP:
              MD5:908DF0AAAF5B0ABF19D2919AA547EE0B
              SHA1:4BA3A2D03B04BCC6EB3E92E837ADD35909B34785
              SHA-256:AD135F29BFFE3533826273BD94E425A51776003C03888E4A3AD1E1FF656E8E8A
              SHA-512:28FEB20224BCCBD5553F88578551AAE4156774E090556626F6B3A4CCEFE0DBD3A71991A1014E0B0C99AAAA8852E2C7439519D0F272C4BB6A07FF7B14E02C1072
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:Microsoft Outlook email folder (>=2003)
              Category:dropped
              Size (bytes):271360
              Entropy (8bit):2.3519184259579453
              Encrypted:false
              SSDEEP:
              MD5:228CC7E29C30F1A5EACEBF7E89C8BDCB
              SHA1:2269FF8CBC762801CC654A503614BEE5A81293CC
              SHA-256:E0FE7D0A0EEC445D0EA875F0A0DAF5F47EDD2BA4F67DAE1C0717FFCB7C75D9E7
              SHA-512:D903F20CB6415198CD280052DE5B4927BB9716DE7A76125F8A0C16C1F476B820E49FFE91EA56FF31BAB9053DF8739EEA231719803094DDB6BD2400A7E3ADDA19
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
              File Type:data
              Category:dropped
              Size (bytes):131072
              Entropy (8bit):2.726491965372993
              Encrypted:false
              SSDEEP:
              MD5:21DDA9B9BA2934A1DC32D926FA0FF147
              SHA1:626057506F783E606C4D81ECBAD0B542920ADB80
              SHA-256:6918A919C201454B2631F14BF4B39D75D8878C8F5B61CC03A61AC71B0FDE7489
              SHA-512:D215A6C95BF7F738269A711E09412A02B9F79F6F58CB8B70E6F7328E63D01373D5DE35DF348EBC8336CB9EC64BB494B92E932F374F80B87D7CB93CF3C2970972
              Malicious:false
              Reputation:unknown
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:PNG image data, 1017 x 535, 8-bit/color RGB, non-interlaced
              Category:downloaded
              Size (bytes):67436
              Entropy (8bit):7.948305777587869
              Encrypted:false
              SSDEEP:
              MD5:3A0BA7D88952A801EC24869E9FE975CC
              SHA1:19BD982D41E669F770C13E4DDDF8B5B3903FB4BA
              SHA-256:5D46C3EC9CB3803747C268CCFC17DBF25991A24FCA3C0853979F57DC402397DD
              SHA-512:92005C3030EB74366DFA9784FDDFF48242AAF0395189D848CBDF7B227CD49953ADB61199CCC9860E2926F73322C6004F8A936CE513734158140DE986BD381503
              Malicious:false
              Reputation:unknown
              URL:https://d15shllkswkct0.cloudfront.net/wp-content/blogs.dir/1/files/2023/12/microsoftsecurity.png
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:HTML document, ASCII text, with very long lines (64557)
              Category:downloaded
              Size (bytes):90390
              Entropy (8bit):5.71086405659963
              Encrypted:false
              SSDEEP:
              MD5:0B92BDFC3D669010E9A0045A890449AF
              SHA1:B9BC7C070E97A8098E3B025ED5060EF5EC473267
              SHA-256:1D8999D20A92A9007FF661ED9BB0A660DBDC7F3172EC7B50D30B39AD5EBF5AAB
              SHA-512:63BE8A57DA96A37B0333A5C619A503FE2342E155E028DB56E16772B7F0371182C292A0759D667A2837C90CE5906904B0E5F033E9B664825C5DCC2B9226322F9B
              Malicious:false
              Reputation:unknown
              URL:https://todays-tasks-plan.vercel.app/
              Preview:<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1"/>. <meta name="robots" content="noindex, nofollow"/>. <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"/>. <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon">. <style>. body {. display: flex;. justify-content: center;. align-items: center;. height: 100vh;. margin: 0;. flex-direction: column;. }. .logo {. width: 150px; /* Set the width of the image */. height: auto; /* Maintain aspect ratio */. }. </style>.</head>.<body>. <img src="https://res.cdn.office.net/todo/1775280_2.119.2/icons/logo.png" alt="Tasks Logo" class="logo">. <p><b>Just a minute....<b></p>.</body>.</html>.</html>.<body id="viucww" data-iibetb="">.<script type="text/javascript">.function a0m(s,o){var
              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
              File Type:PNG image data, 1350 x 1100, 8-bit colormap, non-interlaced
              Category:downloaded
              Size (bytes):70350
              Entropy (8bit):7.696392903825598
              Encrypted:false
              SSDEEP:
              MD5:F4BAD5B3A0D8811F9BCEF118ABA6B8F8
              SHA1:841112FAF513EA1B5E64F8D71A5249B053F955EA
              SHA-256:C87265A87F887380A04CF21925A56539B29364B51AE53E089C3EE2B2180148C6
              SHA-512:A1395F7C1DF4BA3EC94342A11D5BD65B63303AE38AE53FA63C05BCD6CFFB56F3583C893EC8904DB1ADB58683420F0F1E251A5663BAAD84303A3021EC8B73147B
              Malicious:false
              Reputation:unknown
              URL:https://res.cdn.office.net/todo/1775280_2.119.2/icons/logo.png
              File type:multipart/mixed; boundary="===============6372313978696415606==", ASCII text, with CRLF line terminators
              Entropy (8bit):5.335109595535395
              TrID:
                File name:You have been assigned a task.eml
                File size:16'236 bytes
                MD5:9e62885b9d085dd29903831a1923358e
                SHA1:43233c6286bae24140e93176f7d8f74712b3cdb0
                SHA256:ce49f01146f79f37de940753f57f561812b6c0e115ca1e9b021db51e6de9eca4
                SHA512:7e8eb0fe86240a4b21e6cd01825da36e9d0c5dfdb4de6555526b6e715996498e52039ac652274a13fc1dd72e3fc45552e490256338cd925ff891cfac481eb9b2
                SSDEEP:384:R84QSvSbi9c98+9DrKoVHh+Xo4zK2PRf1Fw7t8M9B:R3bvOHkI8MX
                TLSH:38727504534054BA143F13ADF396BBDC9362AF2D4A0514217D2EB3A48FBAE607DD629F
                File Content Preview:Content-Type: multipart/mixed; boundary="===============6372313978696415606=="..From: Tasks <tasks@onmicrosoft.com>..To: david.anderson@weareworkspace.com..Subject: You have been assigned a task..Date: Thursday-April-2024 09:44 AM ..Message-ID: <Microsoft
                Subject:You have been assigned a task
                From:Tasks <tasks@onmicrosoft.com>
                To:david.anderson@weareworkspace.com
                Cc:
                BCC:
                Date:Thursday-April-2024 09:44 AM
                Communications:
                • Tasks Oca-Sf assigned a task to you membership@oca-sf.org First Quarter 2024 Financial Snapshot and Analysis Review April 2024 Tap Attached To View Task You are receiving this email because you have subscribed to Microsoft Office 365. Notification settings: Go to Planner, select the Gear icon, then select Notifications. Privacy Statement. Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 USA Thank you. The information contained in this message may be privileged, confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify your representative immediately and delete this message from your computer. Thank you.
                Attachments:
                • Q1 Performance Summary and Analysis.shtml
                Key Value
                Content-Type: multipart/mixed; boundary="===============6372313978696415606=="
                From: Tasks <tasks@onmicrosoft.com>
                To: david.anderson@weareworkspace.com
                Subject: You have been assigned a task
                Date: Thursday-April-2024 09:44 AM
                Message-ID: <MicrosoftExchange329e71ec88ae4615bbc36ab6ce419e@onmicrosoft.com>
                X-WQEHKCNEVDXZDEUGW:
                X-GNULMJDQTZSDLCYU:
                X-OEGQZHPDLU:
                X-CPZIPIIRIPEIQSR:
                X-FYPCZBXHPTDFT:
                X-PSMMUXAFQKMJC:
                X-GCAQIMCJSTMTZ:
                X-Accept-Language: en-us, en
                X-Originating-IP: 10.0.15.58
                X-Identity:
                X-Auth-ID: MicrosoftExchange329e71ec88ae4615bbc36ab6ce41109e@onmicrosoft.com
                X-Orig-To: david.anderson@weareworkspace.com
                X-SpamInfo: spam not detected
                X-Spam-Flag: NO
                X-AES-Category: LEGIT
                X-Spam-Score: 0
                X-Spam-Category: LEGIT
                X-SpamCatcher-Score: 0
                X-Virus-Scanned: OK
                X-Suspicious-Flag: NO
                X-SpamFilter-By: BOX Solutions SpamTrap 3.5 with qID r0HNXZSI028539, This message is passed by code: ctdos35128
                Auto-Submitted: auto-generated
                MIME-Version: 1.0

                Icon Hash:46070c0a8e0c67d6