Windows Analysis Report
phish_alert_sp2_2.0.0.0 (25).eml

Overview

General Information

Sample name: phish_alert_sp2_2.0.0.0 (25).eml
Analysis ID: 1467020
MD5: 6c995e0b8edd9a07e3cb6c1edf24f3eb
SHA1: a10571ffafbf641b117d201c2b87aed1112a70ee
SHA256: 3ff28faee2e01cce552b804f60a35c5fa38b49d1e0ed94d5d83cf776e906a6f8

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification

Classification

  • System is w10x64
  • OUTLOOK.EXE (PID: 4128 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0 (25).eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 4372 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "035FD134-91F4-4682-B8B5-0EEB02DE1317" "6E504909-1D22-4A2D-A259-77B2B9178B5E" "4128" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set
Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split)
Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 4128, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Snort rule has matched

There are no malicious signatures.

Source: 4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: 4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: 4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drString found in binary or memory: https://wus2.contentsync.
Source: 4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drString found in binary or memory: https://wus2.pagecontentsync.
Source: 4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: ~WRS{34D05FBE-A9D4-468F-9EB2-925CEB8DECF3}.tmp.0.drString found in binary or memory: https://www.google.com/search?rlz=1C1GCEA_enUS865US865&sxsrf=ALeKk005iCBfBFZf7fuqIZU6OqLlwps0sg%3A15
Source: phish_alert_sp2_2.0.0.0 (25).emlString found in binary or memory: https://www.google.com/search?rlz=3D1C1GCEA_enUS865US865&am=
Source: 4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drString found in binary or memory: https://www.odwebp.svc.ms
Source: 4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drString found in binary or memory: https://www.yammer.com
Source: classification engine Classification label: clean1.winEML@3/15@0/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240703T1031270889-4128.etl
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0 (25).eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "035FD134-91F4-4682-B8B5-0EEB02DE1317" "6E504909-1D22-4A2D-A259-77B2B9178B5E" "4128" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Window found: window name: SysTabControl32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
  • Resource Development: Acquire Infrastructure; Domains; DNS Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At
  • Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows)
  • Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; Logon Script (Windows)
  • Defense Evasion: 1 Masquerading; 1 Process Injection; 1 DLL Side-Loading
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
  • Discovery: 1 Process Discovery; 13 System Information Discovery; Query Registry
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
  • Command and Control: Data Obfuscation; Junk Data; Steganography
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
[Behavior graph] ID: 1467020; Sample: phish_alert_sp2_2.0.0.0 (25).eml; Startdate: 03/07/2024; Architecture: WINDOWS; Score: 1. Process chain: OUTLOOK.EXE started ai.exe.

No Antivirus matches
No contacted domains info
  • URL Reputation: safe
unknown
https://consent.config.office.com/consentcheckin/v1.0/consents4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
https://d.docs.live.net4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • Avira URL Cloud: safe
unknown
https://safelinks.protection.outlook.com/api/GetPolicy4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
https://ncus.contentsync.4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • Avira URL Cloud: safe
unknown
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
http://weather.service.msn.com/data.aspx4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
https://apis.live.net/v5.0/4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
https://officepyservice.office.net/service.functionality4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
https://templatesmetadata.office.net/4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
https://messaging.lifecycle.office.com/4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
https://pushchannel.1drv.ms4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
https://management.azure.com4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
https://outlook.office365.com4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
https://wus2.contentsync.4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
https://incidents.diagnostics.office.com4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
https://clients.config.office.net/user/v1.0/ios4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
https://make.powerautomate.com4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
https://api.addins.omex.office.net/api/addins/search4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
https://insertmedia.bing.office.net/odc/insertmedia4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
https://outlook.office365.com/api/v1.0/me/Activities4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
https://api.office.net4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
https://incidents.diagnosticssdf.office.com4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
https://asgsmsproxyapi.azurewebsites.net/4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
https://clients.config.office.net/user/v1.0/android/policies4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
https://entitlement.diagnostics.office.com4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
https://substrate.office.com/search/api/v2/init4552F6ED-EFDF-4523-9F53-B6F076106B2F.0.drfalse
  • URL Reputation: safe
unknown
No contacted IP infos
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1467020
Start date and time:2024-07-03 16:30:29 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 21s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:5
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:phish_alert_sp2_2.0.0.0 (25).eml
Detection:CLEAN
Classification:clean1.winEML@3/15@0/0
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .eml
  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
  • Excluded IPs from analysis (whitelisted): 20.190.160.22, 40.126.32.134, 40.126.32.76, 20.190.160.20, 40.126.32.138, 40.126.32.74, 40.126.32.68, 40.126.32.72, 52.109.28.46, 52.113.194.132, 184.28.90.27, 52.178.17.235, 52.168.117.170
  • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, onedscolprdeus13.eastus.cloudapp.azure.com, ecs.office.com, prdv4a.aadg.msidentity.com, fs.microsoft.com, prod.configsvc1.live.com.akadns.net, onedscolprdweu14.westeurope.cloudapp.azure.com, www.tm.v4.a.prd.aadg.trafficmanager.net, s-0005-office.config.skype.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, s-0005.s-msedge.net, config.officeapps.live.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net, mobile.events.data.trafficmanager.net, www.tm.lg.prod.aadmsa.trafficmanager.net, uks-azsc-config.officeapps.live.com
  • Report size getting too big, too many NtQueryAttributesFile calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • VT rate limit hit for: phish_alert_sp2_2.0.0.0 (25).eml
No simulations
No context
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):231348
Entropy (8bit):4.373375366771741
Encrypted:false
SSDEEP:1536:sDYLbAgsU/SwlumI8gsk5NcAz79ysQqt2Q9AIqoQg1rcm0FvRhnyhwJOIwj24/3r:BkgpUagPmiGu2KqoQOrt0FvO0GBxjVlZ
MD5:399F942D938A89D506759F50C5FEE318
SHA1:C0B05A15A08242E53DAB3615A3E02D1083C27370
SHA-256:585F40D5150EB8E09806DDE3C928C268550E38F818A615B6EBE8FC567BC69004
SHA-512:9C2830113DA20E1CA5A00D7EFB1697FCFA1C2AB9F7597A467EEFB89A8A67BE6B6A6DA02C39EAB294BF87BF5E4C1613A58A07651434E4668DCEC590EB46BD1545
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators
Category:dropped
Size (bytes):1869
Entropy (8bit):5.093076508633273
Encrypted:false
SSDEEP:48:cG7dypdSyrvnzy7SymJdy+dydASyNdyrwnzyrMdnzyDkSyrXnzyO:zEpdbT27bwE+EdAbNEs2Yd2IbT2O
MD5:AECBDF3D31B4DFC39A7AC7C11C2B69EB
SHA1:D4F9DE051FD00F9327969FF5FD955392A8E130B5
SHA-256:4205ADAE5759C6831CEB35C97214FEF647CD527C75F1D39C8B897FB4149A3771
SHA-512:D478CB404238DDC4B7B095A69E09932BFAE84EE6F23F506763D1EA014F6B5C54C225FF06F9218526D06DD83D61A70339222CF57E897B17CDC857A3F435B625BE
Malicious:false
Reputation:low
Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><root><version>1</version><Count>12</Count><Resource><Id>Aptos_26215680</Id><LAT>2024-07-03T14:31:32Z</LAT><key>29939506207.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_26215424</Id><LAT>2023-10-04T14:08:57Z</LAT><key>31558910439.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215682</Id><LAT>2023-10-04T14:08:57Z</LAT><key>28367963232.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_45876224</Id><LAT>2023-10-04T14:08:57Z</LAT><key>24153076628.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos_26215682</Id><LAT>2023-10-04T14:08:57Z</LAT><key>31169036496.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos_45876480</Id><LAT>2023-10-04T14:08:57Z</LAT><key>27160079615.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_45876226<
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:JSON data
Category:dropped
Size (bytes):521377
Entropy (8bit):4.9084889265453135
Encrypted:false
SSDEEP:3072:gdTb5Sb3F2FqSrfZm+CnQsbzxZO7aYb6f5780K2:wb5q3umBnzT
MD5:C37972CBD8748E2CA6DA205839B16444
SHA1:9834B46ACF560146DD7EE9086DB6019FBAC13B4E
SHA-256:D4CFBB0E8B9D3E36ECE921B9B51BD37EF1D3195A9CFA1C4586AEA200EB3434A7
SHA-512:02B4D134F84122B6EE9A304D79745A003E71803C354FB01BAF986BD15E3BA57BA5EF167CC444ED67B9BA5964FF5922C50E2E92A8A09862059852ECD9CEF1A900
Malicious:false
Reputation:moderate, very likely benign file
Preview:{"MajorVersion":4,"MinorVersion":40,"Expiration":14,"Fonts":[{"a":[4294966911],"f":"Abadi","fam":[],"sf":[{"c":[1,0],"dn":"Abadi","fs":32696,"ful":[{"lcp":983041,"lsc":"Latn","ltx":"Abadi"}],"gn":"Abadi","id":"23643452060","p":[2,11,6,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":26215680},{"c":[1,0],"dn":"Abadi Extra Light","fs":22180,"ful":[{"lcp":983042,"lsc":"Latn","ltx":"Abadi Extra Light"}],"gn":"Abadi Extra Light","id":"17656736728","p":[2,11,2,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":13108480}]},{"a":[4294966911],"f":"ADLaM Display","fam":[],"sf":[{"c":[536870913,0],"dn":"ADLaM Display Regular","fs":140072,"ful":[{"lcp":983040,"lsc":"Latn","ltx":"ADLaM Display"}],"gn":"ADLaM Display","id":"31965479471","p":[2,1,0,0,0,0,0,0,0,0],"sub":[],"t":"ttf","u":[2147491951,1107296330,0,0],"v":131072,"w":26215680}]},{"a":[4294966911],"f":"Agency FB","fam":[],"sf":[{"c":[536870913,0],"dn":"Agency FB Bold","fs":54372,"ful":[{"lcp":9830
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_40RegularVersion 4.40;O365
Category:modified
Size (bytes):773040
Entropy (8bit):6.55939673749297
Encrypted:false
SSDEEP:12288:Zn84XULLDs51UJQSOf9VvLXHyheIQ47gEFGHtAgk3+/cLQ/zhm1kjFKy6Nyjbqq+:N8XPDs5+ivOXgo1kYvyz2
MD5:4296A064B917926682E7EED650D4A745
SHA1:3953A6AA9100F652A6CA533C2E05895E52343718
SHA-256:E04E41C74D6C78213BA1588BACEE64B42C0EDECE85224C474A714F39960D8083
SHA-512:A25388DDCE58D9F06716C0F0BDF2AEFA7F68EBCA7171077533AF4A9BE99A08E3DCD8DFE1A278B7AA5DE65DA9F32501B4B0B0ECAB51F9AF0F12A3A8A75363FF2C
Malicious:false
Reputation:moderate, very likely benign file
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):174490
Entropy (8bit):5.289605908944614
Encrypted:false
SSDEEP:1536:0i2JfRAqcbH41gwEOLe7HWaM/o//MRcAZl1p5ihs7EXXmEAD2OdaB:9ce7HWaM/o/7XDk2
MD5:04D40733C026F74AD4F53F64EC5258B7
SHA1:EF48D460A0EB3208D1B6BCCB7D682701A8FBB7DD
SHA-256:1CC03FDADA794E2780FB0786D06AD5C1E6D158BACA65C9010C5AADEE2261CCBD
SHA-512:CE2702D833F09FA923BB12AD383C5F670D1701F6F873D9852730F7E26909CA2E40F0D46FA26BF66DBBD14E6A8495D494DF56647F3929CCC2903C85524FFD50EA
Malicious:false
Reputation:low
Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-07-03T14:31:30">.. Build: 16.0.17812.40128-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.04555318584717531
Encrypted:false
SSDEEP:3:GtlxtjlyJuEkaHSzxo3lxtjlyJuEkaHSzpt9R9//8l1lvlll1lllwlvlllglbelL:GtZagxo3ZagptX9X01PH4l942wU
MD5:D362282E944A8E38C68685A23A3411F3
SHA1:10951C8DF41B151CCF76769C259B4037EFA3FF0B
SHA-256:4BBC0519F7D226EC0DA53834B8AE373B4AC20721B4198A8225D4AAB15730ACEE
SHA-512:AFB888ECFA5254F3713C89689C848C99202F16A46FC35823D9BF1D88C4B1F2D23AB42CBF809822B74D622F580C59ABF45BF71E7CD93BB227BF2DCE33DBB1CE89
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:SQLite Write-Ahead Log, version 3007000
Category:dropped
Size (bytes):49472
Entropy (8bit):0.4834225463429688
Encrypted:false
SSDEEP:48:FbMQ1rUll7DYMc8eCzO8VFDYM8IUUsBO8VFDYML:FT+ll4389jVG+NyjVGC
MD5:BFCA50037ECBAB75813F0E7B91D29E99
SHA1:472CF2BF86249CBFA31FB919926F5553D9DE86EC
SHA-256:5894E93592758EFDAAD6272B6A6A6BB5CD2231A4FA9A897B064247391A2AFE81
SHA-512:B9C8220A9A5ECF88DB8DF0FDBBDFE1966504C16787C55F6E82D88511F3662ED1AFC650D402FDC080CFA884B86F9363D2B1AFD0197E9776FE48373B995E40A36E
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:PNG image data, 128 x 52, 8-bit/color RGBA, non-interlaced
Category:dropped
Size (bytes):6329
Entropy (8bit):7.958111040961722
Encrypted:false
SSDEEP:192:ENa/qjfgqUcWC29BBWwj5msbGJvTEKslUJto:hqj3OjBBWissbGBwuo
MD5:83A9E8EA92360E3C371BC1B56BF922E7
SHA1:9A43E6E2593B5C8CFF1F2E466CF89125E810CFEE
SHA-256:6C39FB5373CE36B6F884C833BFDE913D14283A1C9E1D773860445211CC7A3B1A
SHA-512:AC4A175C39C869F76BE3F2CABDCCBE3F24E8BAF7245743A3B4B5C1F24521DEAA51359769073A3228272079E124E141992FDB1511154B04AC4B683C4DFBCC032C
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):9720
Entropy (8bit):3.6490902579976194
Encrypted:false
SSDEEP:96:bsulHmtqkuvXfA4SDQGvU+qFZwThtORggggglKbUswPb06yUf9rH1M8z8eDXqmOC:/Hmtr94fGvFAZwTuqYW5H1M8z8ZmOPU
MD5:C5C02CD487CB1C88E139A8C743A2C407
SHA1:15A169BE79F0265237D5C2633193DC1159085404
SHA-256:FB9C177C2273728F8B08DEE3C6047C5165B02B88348F6187E9249BEA4509F183
SHA-512:4584A8CAB79D141C0FCDDC57C010AB1095752537FFC5673F1D6EE5E588FFB2A62E776D62C8F52A06FCD488986674C82D20430BBAF1EDC8D69781265B5288F724
Malicious:false
Reputation:low
Preview:CAUTION: EXTERNAL SENDER Do not click links or open attachments unless you trust the sender and know the content is safe.
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:ASCII text, with very long lines (28764), with CRLF line terminators
Category:dropped
Size (bytes):20971520
Entropy (8bit):0.16327450298014554
Encrypted:false
SSDEEP:1536:233Lz/tCT99K+WVDW7vetzF39VXuf5jv4FhsHaFjxozz81OftaqqEe5rBf:8/43K+Swwr
MD5:03165ECE38A0CF44205B91F5D1984C79
SHA1:A03A655CD9571342EF72B733B6DAD74AACFCAA82
SHA-256:3C75230424EAFFAB66F8874F7AE0586185BE887AF0A3030497EFAA6448DC992D
SHA-512:84B490240B120FF8B18CEB3431A3DCA8C415335F7EA14EB31CDB96F082B7F40FCC3C7C1A9FB6407D8D3FAF3122EF5AE53D52D78B92DAB320CFFCF23B99C4743B
Malicious:false
Reputation:low
Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..07/03/2024 14:31:28.248.OUTLOOK (0x1020).0x106C.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":22,"Time":"2024-07-03T14:31:28.248Z","Contract":"Office.System.Activity","Activity.CV":"7W1RCYGEnEWhW8PSjduIvg.4.9","Activity.Duration":13,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...07/03/2024 14:31:28.264.OUTLOOK (0x1020).0x106C.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":24,"Time":"2024-07-03T14:31:28.264Z","Contract":"Office.System.Activity","Activity.CV":"7W1RCYGEnEWhW8PSjduIvg.4.10","Activity.Duration":10780,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorV
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):20971520
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3::
MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
Malicious:false
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:DIY-Thermocam raw data (Lepton 3.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 134217728.000000
Category:dropped
Size (bytes):110592
Entropy (8bit):4.484577483444491
Encrypted:false
SSDEEP:768:BEP+CNNsWDjVIlCMRs19MegX5iU8tI7v5YGBsYCBCU6pxHf3+GI4LUvTS/MqU7mL:en4ZN/Yx9kEdXniZXIqGc
MD5:03E2E3A852A674DEAD0A0AEE986FE2AD
SHA1:351574DDB67908EB3439488F8A83F012C16DFAEC
SHA-256:5893CE4AC1957D593E597F4A8C62FA0C13273ADCCCEDB04F7FC8FF095CC10BA7
SHA-512:4A25D459B1579C5F32067B9187CE94DB1CCD0658095F7C38D4244BF5C89B594E1FDA8A963B9D0B1D7448D0196982D1091EBA09CE053F9517B8B02AF492E28AA1
Malicious:false
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):30
Entropy (8bit):1.2389205950315936
Encrypted:false
SSDEEP:3:zmSJt:KSJ
MD5:FC456096C5F3EBD634A6D3A9D3E0C38C
SHA1:4EC3D74C156E6626B9DCA6E2E76751A55E80DED5
SHA-256:68E31A2785A0080E0B2F747F0A115CD088307C66DBEB33D62EE5AFD9B06BF51C
SHA-512:9AF3148A3B8440D133DA4F4E807C6D87708F742019E9D0B573F58A587477E3F8169DA6D76F1271FCB16522F10AF60A485CC4D28849B1EB910260DEA6DF9A9CD5
Malicious:false
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:Microsoft Outlook email folder (>=2003)
Category:dropped
Size (bytes):271360
Entropy (8bit):3.1481211143134677
Encrypted:false
SSDEEP:1536:GWR/onbTTp6+T5P6qJvMXRUW4R/860z/r3UhOcLfYYpW53jEpEHP4qQ10PAwrw/o:GW9sXTA+T5PCwkcTXp9no8p9
MD5:612C90008758CE871627E46FE7CF7F5C
SHA1:EA2CBD6EA8703196E50BEF4D882DC83BFDB099D0
SHA-256:7DD5479F36F9B866B00261303C39F99CF027FC1ACBED6DB940DA34A23C57A7A2
SHA-512:3144C17D3959C9B4ED9D5DF1D645930670AD6D21FC3FF8C7D52239DD4AF098151E26CF4C919B58A95398EE6E1C462A602CD3F5DF75936165A011AE86A1D72661
Malicious:false
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):131072
Entropy (8bit):4.372511872470945
Encrypted:false
SSDEEP:1536:0/W53jEpEHP4qQ10PAwr15gmImE31+T5Qpho7W53jEpEHP4qQ10PAwrq9vTHpt/:ep9Zfn+T5Qp+p9bb/
MD5:59DAA738FD715BD2571A9F636E9522E3
SHA1:B52C1426250106A6C946E467986B3041F8EEAFF1
SHA-256:C885024CA844EEAE2B55F157D4C52FB34707D9C2FF297BCB4045D0483944D0B8
SHA-512:AA0ED8FA3EFB339C7D684F6C4F84BA45060F43DDE2DE891850E0CA561BB4F9F18E8F1A8883EC1C90C9A7E9953C572CD32F2ECEA22C36F2CC4197A6AFFC66015F
Malicious:false
File type:RFC 822 mail, ASCII text, with very long lines (998), with CRLF line terminators
Entropy (8bit):6.1161784002414965
TrID:
  • E-Mail message (Var. 5) (54515/1) 100.00%
File name:phish_alert_sp2_2.0.0.0 (25).eml
File size:32'726 bytes
MD5:6c995e0b8edd9a07e3cb6c1edf24f3eb
SHA1:a10571ffafbf641b117d201c2b87aed1112a70ee
SHA256:3ff28faee2e01cce552b804f60a35c5fa38b49d1e0ed94d5d83cf776e906a6f8
SHA512:66af1479ef6972eae2eba440f59f525bba73b27c389a5038244e624ae9beaac2d456f31dcbc2bbd6b85fec96f3926e26cb628e8805428ddd882db98550e43b02
SSDEEP:768:3BSSPOduhXlpgR6zqjasYOFvRy4NR/7skCa:3BSkxyR6mjBYayup7skCa
TLSH:F6E25C56C244002752B541DEF027775221A11ECC87B7ADF1F7ADA7F82FDE962720728A
File Content Preview:Received: from LV8PR08MB9175.namprd08.prod.outlook.com.. (2603:10b6:408:209::7) by DM4PR08MB8193.namprd08.prod.outlook.com with.. HTTPS; Wed, 3 Jul 2024 14:03:29 +0000..Received: from BN9PR03CA0798.namprd03.prod.outlook.com.. (2603:10b6:408:13f::23) by LV
Subject:Re: [EXTERNAL] Can you give me information about the different room categories that you have at your hotel?
From:Alke <alke9398@gmail.com>
To:Abby Schmoyer <aschmoyer@bellpartnersinc.com>
Cc:
BCC:
Date:Wed, 03 Jul 2024 16:03:03 +0200
Communications:
  • CAUTION: EXTERNAL SENDER Do not click links or open attachments unless you trust the sender and know the content is safe. Good day, there was a technical error while attempting to book a reservation. I've reached out to booking.com technical support, and they suggested sharing this link with you (containing the booking number, which is private to the hotel manager): booking.extnnehotteir.com/admin/o2shi1bka89 Could you help me with this issue? On Wed, Jul 3, 2024 at 3:00 PM Abby Schmoyer <aschmoyer@bellpartnersinc.com> wrote: Hello, We are not a hotel. We are an apartment community in Apex, NC. Sincerely, Abby Schmoyer Assistant Community Manager Bell Apex 4000 Spotter Drive | Apex, NC 27502 PH 919.267.5870 aschmoyer@bellpartnersinc.com | www.BellApexApts.com Click here to leave a review! From: Alke <alke9398@gmail.com> Sent: Tuesday, July 2, 2024 11:11 PM To: Bell Apex <Apex@bellpartnersinc.com> Subject: [EXTERNAL] Can you give me information about the different room categories that you have at your hotel? CAUTION: EXTERNAL SENDER Do not click links or open attachments unless you trust the sender and know the content is safe. Hi, I am looking to reserve a room at your hotel for 7 days in August as a solo traveler. Please provide details on room availability and costs. I have flexibility with my dates, so any date in August works. Your guidance is valuable. Confidentiality Notice: This electronic transmission and any attachments may contain information from Bell Partners Inc. that may be confidential, privileged or exempt from disclosure under applicable law. If you are not the intended recipient, you have received this communication in error, and you are not authorized to use, copy, disclose or distribute the contents of this communication or any attachment. Please contact the sender immediately by replying to this message and delete all copies from your computer.
Attachments:
  • image001.png
Key Value
Received: by mail-oi1-f195.google.com with SMTP id 5614622812f47-3d55cfebcc5so2485446b6e.2 for <aschmoyer@bellpartnersinc.com>; Wed, 03 Jul 2024 07:03:15 -0700 (PDT)
Arc-Seal: i=1; s=201903; d=dkim.mimecast.com; t=1720015404; a=rsa-sha256; cv=none; b=TFzPikUteleHA/fdYwsGK1+Yfb2b3E1ABedsl/+xAM9RvL7uZyZWkstX3teYpnaMjZrA0v 7dZi3bJa8CsI5aFUpRo8zCLV9OTmhdASFniVL7gWUH77aY373KrwUkqN6pkgoS7cxAes/W 7lZ7rpqBEQP6XvC8tsNuA+vwGLbddLwqaGYYdKHnyb6IqpfkRrTfs4Gg7ONUQQWN60RjOw fc8SNB/gnMgtmS/qvZ9mjH/tTrmO+ceu5hD6890ACEvbH8RPh81QvDvtAtH4L8JEBjG9X5 Wlx810blrQvKPBm28Q7QIgXpIP997PNY91dSwVUYxI3d6IRZExw+eNeW5L5T0w==
Arc-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=dkim.mimecast.com; s=201903; t=1720015404; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references:dkim-signature; bh=NSqMwhUICMU1iWhVleEnK5QAi3ttL+Mqw6Rf8OZldpU=; b=X9eCHkzZlMCkmwYZmBOmNQuesHnakJiqTPWxnsnT3mdXVJKg4MkZg/1JYJ5DSIOlCbGh3u dc2LtQJe7zT7YFWYvJqdzanc7dHU5nLzIdYt+McdQQKniNY3d7vJHHN/TODUE5HfBz7nZ8 XYUSoA28MJiKPCXgOcwMBmueMr+kqEwcopEYdENjB24xYZnoEycCSai7ex0iCHSt7L54WZ GGzVAYhO7HHtshdLg3Sju/eRlETxShe8OE/R3bARZ4/ttPS/uDDOGGc6wX8YP4tQjE88k2 Ahn86HtFfnjQQLBdQ+2lN9skgN/YTdHBdCv2VwXQ4+TxRGP2ha5jPjfkw/HR3g==
Arc-Authentication-Results: i=1; relay.mimecast.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=NaVsQqps; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (relay.mimecast.com: domain of alke9398@gmail.com designates 209.85.167.195 as permitted sender) smtp.mailfrom=alke9398@gmail.com
Authentication-Results: spf=pass (sender IP is 209.85.167.195) smtp.mailfrom=gmail.com; dkim=fail (body hash did not verify) header.d=gmail.com;dmarc=pass action=none header.from=gmail.com;compauth=pass reason=100
Received-Spf: Pass (protection.outlook.com: domain of gmail.com designates 209.85.167.195 as permitted sender) receiver=protection.outlook.com; client-ip=209.85.167.195; helo=mail-oi1-f195.google.com; pr=C
Authentication-Results-Original: relay.mimecast.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=NaVsQqps; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (relay.mimecast.com: domain of alke9398@gmail.com designates 209.85.167.195 as permitted sender) smtp.mailfrom=alke9398@gmail.com
X-Mc-Unique: VILfcHuBNw-eF-BpnmAZqw-1
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1720015395; x=1720620195; darn=bellpartnersinc.com; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=rH5ESGY9trA9EsZGtbqEIu7q55gRhaHAldzsBxNa7mU=; b=NaVsQqps8nrsDr1OoJVlTAGoNwInQ6peffe7CI7pDKG6u46qnUop6J9Gin2/Y2lHvX 21EV6Ui5M03vjq9Q/C3VaQnEUxSavftd51j7K5Zf4Bk/tsQEr95TL86BtsehTDfDiAiM /cdzOj/3F6x91s/LRV1cR8+sbpuBbfpyEM3mv5Xt072nMP0UovrFbdrIos3FqfG8/Xmv crqbhug+u+mf0clxOIYaoKnzexofhMLx8uwq/ABjjJnPQWOaEX34uQO3zjOfmQaDZ1jD yHFjX/k37Agj1O/3NvxzSyvORXpFreTiKvZ0CbWS5fDJ8nJ5oIKdBYUavSzAiETUOmIj VEpg==
X-Google-Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1720015395; x=1720620195; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=rH5ESGY9trA9EsZGtbqEIu7q55gRhaHAldzsBxNa7mU=; b=cRuehuBt8fal7ckqnCX+cBAdD8TuB5zHUiVfQW0Jwy5HSWhySFDoeB/B0wxhINXhHX mAIsiunPDtLa7Py58JREbHqaSVcp/IHBWwdCOfCK44QO2gymP9HBffGoldWdVDuA3IJQ yXgVyT08lKec+Vj15kbKZtUbBwCCm3CgR1wYS07HExviSf40B9D+Y3Ut/VmBiYIP8CQr kGU21vUeTkmgwU1laO9j6O2Ow746S9635fLnKHgN3Ag9cQXXy85ssjVzSodsLBaucDVA B3epag3Mjj26oEaqOE1Qs4qgEP8fiZv16TXbFzmy/TbdOxIrtLmNJQySh8LOgJO0f+0w f78A==
X-Gm-Message-State: AOJu0YzwCwBAH2tdYPm24CkzJ84Qo8MM1W1GSG2HqB77jEVJQwSbET0A MT/WNwlsRwQui6ir0nh/tiJy7qi410gFW0879WWXrlv9ryjDGkudIm9eaDuxabbklMSO4VYZa/h JjXqtQmjUwelBs0fbYZNAaOyrR7VgkWKT0c0eX58jGdAPPw==
X-Google-Smtp-Source: AGHT+IF1TMXjOl4G1FN1KyU+wgHbvaBPRShu320y4FqAp/YgLtKCS+lUjyqIfDdX+XUE3SUNEmmDzeXDH7QNm1+3WYg=
X-Received: by 2002:a05:6808:f92:b0:3d6:32b4:b8ee with SMTP id 5614622812f47-3d6b4de2888mr11228001b6e.39.1720015394328; Wed, 03 Jul 2024 07:03:14 -0700 (PDT)
MIME-Version: 1.0
References: <CA+_wSU2U_7LGSCKfLuMoTsP2j-iB7_XNiLeG6aypMPi7A6fPfg@mail.gmail.com> <DM4PR08MB8193A50FD99871F0BFF2AB67BEDD2@DM4PR08MB8193.namprd08.prod.outlook.com>
In-Reply-To: <DM4PR08MB8193A50FD99871F0BFF2AB67BEDD2@DM4PR08MB8193.namprd08.prod.outlook.com>
From: Alke <alke9398@gmail.com>
Date: Wed, 03 Jul 2024 16:03:03 +0200
Message-Id: <CA+_wSU27ArTkMqQtTD5jdM3wQzJtZATjOtJDxT1drkxv26Mi9g@mail.gmail.com>
Subject: Re: [EXTERNAL] Can you give me information about the different room categories that you have at your hotel?
To: Abby Schmoyer <aschmoyer@bellpartnersinc.com>
X-Mimecast-Spam-Score: -2
X-Mimecast-Impersonation-Protect: Policy=Impersonation Protect;Similar Internal Domain=false;Similar Monitored External Domain=false;Custom External Domain=false;Mimecast External Domain=false;Newly Observed Domain=false;Internal User Name=false;Custom Display Name List=false;Reply-to Address Mismatch=false;Targeted Threat Dictionary=false;Mimecast Threat Dictionary=false;Custom Threat Dictionary=false
Return-Path: alke9398@gmail.com
X-Ms-Exchange-Organization-Expirationstarttime: 03 Jul 2024 14:03:25.1569 (UTC)
X-Ms-Exchange-Organization-Expirationstarttimereason: OriginalSubmit
X-Ms-Exchange-Organization-Expirationinterval: 1:00:00:00.0000000
X-Ms-Exchange-Organization-Expirationintervalreason: OriginalSubmit
X-Ms-Exchange-Organization-Network-Message-Id: 331d5adf-3275-4012-e84b-08dc9b68e808
X-Eopattributedmessage: 0
X-Eoptenantattributedmessage: 7ba566b9-eb1e-462c-b923-57bac7bc136e:0
X-Ms-Exchange-Organization-Messagedirectionality: Incoming
X-Ms-Exchange-Skiplistedinternetsender: ip=[209.85.167.195];domain=mail-oi1-f195.google.com
X-Ms-Exchange-Externaloriginalinternetsender: ip=[209.85.167.195];domain=mail-oi1-f195.google.com
X-Ms-Publictraffictype: Email
X-Ms-Traffictypediagnostic: BN3PEPF0000B372:EE_|LV8PR08MB9175:EE_|DM4PR08MB8193:EE_
X-Ms-Exchange-Organization-Authsource: BN3PEPF0000B372.namprd21.prod.outlook.com
X-Ms-Exchange-Organization-Authas: Anonymous
X-Ms-Office365-Filtering-Correlation-Id: 331d5adf-3275-4012-e84b-08dc9b68e808
X-Ms-Exchange-Atpmessageproperties: SA|SL
X-Ms-Exchange-Organization-Scl: -1
X-Microsoft-Antispam: BCL:0;ARA:13230040|5063199012|4073199012|7093399012|22003199012|82310400026|5073199012|83080400003
X-Forefront-Antispam-Report: CIP:205.139.110.120;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:NLI;SFV:NSPM;H:mail-oi1-f195.google.com;PTR:mail-oi1-f195.google.com;CAT:NONE;SFS:(13230040)(5063199012)(4073199012)(7093399012)(22003199012)(82310400026)(5073199012)(83080400003);DIR:INB
X-Ms-Exchange-Crosstenant-Originalarrivaltime: 03 Jul 2024 14:03:25.0788 (UTC)
X-Ms-Exchange-Crosstenant-Network-Message-Id: 331d5adf-3275-4012-e84b-08dc9b68e808
X-Ms-Exchange-Crosstenant-Id: 7ba566b9-eb1e-462c-b923-57bac7bc136e
X-Ms-Exchange-Crosstenant-Authsource: BN3PEPF0000B372.namprd21.prod.outlook.com
X-Ms-Exchange-Crosstenant-Authas: Anonymous
X-Ms-Exchange-Crosstenant-Fromentityheader: Internet
X-Ms-Exchange-Transport-Crosstenantheadersstamped: LV8PR08MB9175
X-Ms-Exchange-Transport-Endtoendlatency: 00:00:04.1089247
X-Ms-Exchange-Processed-By-Bccfoldering: 15.20.7698.013
X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)
Content-Type: multipart/mixed; boundary="----sinikael-?=_1-17200155244330.29638628397874056"

Icon Hash:46070c0a8e0c67d6
No network behavior found


Target ID:0
Start time:10:31:27
Start date:03/07/2024
Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0 (25).eml"
Imagebase:0xe60000
File size:34'446'744 bytes
MD5 hash:91A5292942864110ED734005B7E005C0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:2
Start time:10:31:30
Start date:03/07/2024
Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "035FD134-91F4-4682-B8B5-0EEB02DE1317" "6E504909-1D22-4A2D-A259-77B2B9178B5E" "4128" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Imagebase:0x7ff64f3a0000
File size:710'048 bytes
MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

No disassembly