Windows Analysis Report
original (3).eml

Overview

General Information

Sample name: original (3).eml
Analysis ID: 1467266
MD5: 6a355be7977ee47446f4cadb3d50f2f0
SHA1: bab232f4c040f581bbd42a9654d7a6059dac2749
SHA256: c0fec241ae73edaf55983ed388ad3921bcd2e891746fab31fa5fbb521fd52091
Infos:

Detection

Score: 23
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

AI detected suspicious e-Mail
Creates a window with clipboard capturing capabilities
May sleep (evasive loops) to hinder dynamic analysis
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Office Macro File Download
Sigma detected: Outlook Security Settings Updated - Registry

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 7104 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\original (3).eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 3596 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A6D2B288-6077-4C14-AE57-DD0B0FE89F6A" "71A40D80-C708-481A-9B73-03E6FDC1BAC4" "7104" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
    • OUTLOOK.EXE (PID: 6584 cmdline: "C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\NML8VMVN\phish_alert_sp2_2.0.0.0.eml" MD5: 91A5292942864110ED734005B7E005C0)
  • Music.UI.exe (PID: 6616 cmdline: "C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe" -ServerName:Microsoft.ZuneMusic.AppX48dcrcgzqqdshm3kf61t0cm5e9pyd6h6.mca MD5: F963F75C0AD152437E10D656A00793A3)
  • Music.UI.exe (PID: 7724 cmdline: "C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe" -ServerName:Microsoft.ZuneMusic.AppX48dcrcgzqqdshm3kf61t0cm5e9pyd6h6.mca MD5: F963F75C0AD152437E10D656A00793A3)
  • cleanup
No yara matches
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7104, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Source: File created; Author: Nasreddine Bencherchali (Nextron Systems); Data: EventID: 11, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7104, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm
Source: Registry Key set; Author: frack113; Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\NML8VMVN\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7104, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder
No Snort rule has matched

Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic; DNS traffic detected: DNS query: settings-ssl.xboxlive.com
Source: global traffic; DNS traffic detected: DNS query: grooveuwavideos.streaming.mediaservices.windows.net
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Window created: window name: CLIPBRDWNDCLASS
Source: classification engine; Classification label: sus23.winEML@7/35@3/15
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240703T1744490704-7104.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File read: C:\Users\desktop.ini
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe; Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\original (3).eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "A6D2B288-6077-4C14-AE57-DD0B0FE89F6A" "71A40D80-C708-481A-9B73-03E6FDC1BAC4" "7104" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\NML8VMVN\phish_alert_sp2_2.0.0.0.eml"
Source: unknown; Process created: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe "C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe" -ServerName:Microsoft.ZuneMusic.AppX48dcrcgzqqdshm3kf61t0cm5e9pyd6h6.mca
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.staterepositoryclient.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: logoncli.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: profapi.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: appxdeploymentclient.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: bcp47mrm.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: cryptbase.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.ui.xaml.controls.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.shell.servicehostbuilder.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: execmodelproxy.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: rmclient.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: uiamanager.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.ui.core.textinput.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.ui.immersive.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: dataexchange.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: threadpoolwinrt.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.globalization.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.system.profile.retailinfo.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.media.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.applicationmodel.lockscreen.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: wincorlib.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: lockappbroker.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: powrprof.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: umpdc.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.graphics.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.ui.xaml.phone.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: twinapi.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.networking.connectivity.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.media.playback.mediaplayer.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: mfplat.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: rtworkq.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.media.mediacontrol.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: mmdevapi.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: devobj.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: mfmediaengine.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: xmllite.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: audioses.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.media.devices.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.media.playback.proxystub.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: comppkgsup.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: directmanipulation.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: msftedit.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: globinputhost.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.web.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: msxml6.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: wpnapps.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: mfnetcore.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: secur32.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: sspicli.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windowscodecs.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: msv1_0.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: ntlmshared.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: cryptdll.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: wdigest.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: cryptsp.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: rsaenh.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.devices.enumeration.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: devdispitemprovider.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: wininet.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: ddores.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: userenv.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: profext.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: defaultdevicemanager.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: wuceffects.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: winhttp.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: mswsock.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: iphlpapi.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: winnsi.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: dnsapi.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: rasadhlp.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: dpapi.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: msasn1.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.networking.backgroundtransfer.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: systemeventsbrokerclient.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: gpapi.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: biwinrt.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: photometadatahandler.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: mfsrcsnk.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: mfcore.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: ksuser.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: avrt.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: windows.security.authentication.web.core.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: winmmbase.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: msacm32.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: vaultcli.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: resampledmo.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: msdmo.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: microsoftaccountwamextension.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: gnsdk_fp.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: schannel.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: mskeyprotect.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: ntasn1.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: ncrypt.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: ncryptsslp.dll
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeSection loaded: dwmapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeFile opened: C:\Windows\SYSTEM32\msftedit.dll
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Persistence and Installation Behavior

Source: e-Mail LLM: Score: 8 Reasons: The email contains several indicators of phishing. Firstly, the sender's email address (non-mail-user@plateauvm.com) is unusual and does not clearly represent a well-known brand, which is a common tactic in phishing attempts. Secondly, the email includes a warning that it originated from outside the organization, which is a red flag for potential phishing. Additionally, the email header suggests that the message is not commonly received by the recipients, which can indicate a phishing attempt. The email also contains a link with a vague description ('Learn why this is important'), which could lead to a malicious website. These elements combined suggest a high risk of phishing.
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe TID: 7148Thread sleep time: -259200000s >= -30000s
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe TID: 7148Thread sleep time: -86400000s >= -30000s
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe TID: 7148Thread sleep count: 54 > 30
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe TID: 7148Thread sleep time: -4665600000s >= -30000s
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe TID: 7148Thread sleep time: -86400000s >= -30000s
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe TID: 7772Thread sleep count: 49 > 30
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe TID: 7772Thread sleep time: -4233600000s >= -30000s
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe TID: 7772Thread sleep time: -86400000s >= -30000s
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe TID: 7772Thread sleep count: 80 > 30
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe TID: 7772Thread sleep time: -6912000000s >= -30000s
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe TID: 7772Thread sleep time: -86400000s >= -30000s
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeFile opened: PhysicalDrive0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edbtmp.log VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00001.jrs VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00002.jrs VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.jfm VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\tmp.edb VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Resources\Fonts\SegMVR2.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\SRPData.xml VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\backstack.json VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.jfm VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edbtmp.log VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00001.jrs VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edbres00002.jrs VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.log VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.jfm VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\EntClientDb.edb VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\tmp.edb VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Resources\Fonts\SegMVR2.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\edb.chk VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Resources\Fonts\SegMVR2.ttf VolumeInformation
Source: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exeQueries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\backstack.json VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Clipboard Data | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 2 Virtualization/Sandbox Evasion | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 23 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
settings-ssl.xboxlive.com | unknown | unknown | false | | unknown
grooveuwavideos.streaming.mediaservices.windows.net | unknown | unknown | false | | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
52.113.194.132 | unknown | United States | | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
20.189.173.17 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
23.35.228.10 | unknown | United States | | 6461 | ZAYO-6461US | false
95.101.148.7 | unknown | European Union | | 20940 | AKAMAI-ASN1EU | false
52.109.68.130 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
      Joe Sandbox version:40.0.0 Tourmaline
      Analysis ID:1467266
      Start date and time:2024-07-03 23:44:21 +02:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:defaultwindowsinteractivecookbook.jbs
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:22
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • EGA enabled
      Analysis Mode:stream
      Analysis stop reason:Timeout
      Sample name:original (3).eml
      Detection:SUS
      Classification:sus23.winEML@7/35@3/15
      Cookbook Comments:
      • Found application associated with file extension: .eml
      • Exclude process from analysis (whitelisted): dllhost.exe
      • Excluded IPs from analysis (whitelisted): 52.113.194.132
      • Excluded domains from analysis (whitelisted): ecs.office.com, s-0005.s-msedge.net, ecs.office.trafficmanager.net, s-0005-office.config.skype.com, ecs-office.s-0005.s-msedge.net
      • Report size getting too big, too many NtOpenKey calls found.
      • Report size getting too big, too many NtOpenKeyEx calls found.
      • Report size getting too big, too many NtProtectVirtualMemory calls found.
      • Report size getting too big, too many NtQueryAttributesFile calls found.
      • Report size getting too big, too many NtQueryValueKey calls found.
      • Report size getting too big, too many NtSetValueKey calls found.
      • VT rate limit hit for: original (3).eml
      InputOutput
      URL: e-Mail Model: gpt-4o
```json
{
  "riskscore": 8,
  "brand_impersonated": "Unknown",
  "reasons": "The email contains several indicators of phishing. Firstly, the sender's email address (non-mail-user@plateauvm.com) is unusual and does not clearly represent a well-known brand, which is a common tactic in phishing attempts. Secondly, the email includes a warning that it originated from outside the organization, which is a red flag for potential phishing. Additionally, the email header suggests that the message is not commonly received by the recipients, which can indicate a phishing attempt. The email also contains a link with a vague description ('Learn why this is important'), which could lead to a malicious website. These elements combined suggest a high risk of phishing."
}
```
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):231348
      Entropy (8bit):4.38601212204794
      Encrypted:false
      SSDEEP:
      MD5:EFD2D4B2D9B8D2BA92C08F036B5FCC21
      SHA1:04FC32E42DC20602AFAF867089746F9A88BA1E75
      SHA-256:3EFE34DA322C09227DCA85F95B557E9AC6F1A29FF617EF6A4279C114DCF9BB6E
      SHA-512:42A1811375311BBFD6895718B33132F4BB98D7C4B5A6C8C69341B4024EB709B8DA5951CEC545069BC1CC1D2DF0C159BE1AFCB32F592C9757E06042EE4BF859F8
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:JSON data
      Category:dropped
      Size (bytes):1538
      Entropy (8bit):5.170046666246265
      Encrypted:false
      SSDEEP:
      MD5:F903C4A051E8AA36E9E085B08D1BC55E
      SHA1:FF9AF9BBA28D4F3FF2238A64425CABE8123250AB
      SHA-256:59D97433D58543D3CAE4BFDF9AC0DC6990A99BFB10D118B0D62D32DA15D30968
      SHA-512:7B9A526C71B8DF94CF6556AB827C07E2265ACF6F81B4A12B3303ACCD6601C92735ECAA0F4AD5DC054FD1E7EA19B29FC220F41213822CD04E71DC27FDA8C9027B
      Malicious:false
      Reputation:unknown
      Preview:{"CampaignStates":[{"CampaignId":"398f8b35-ef06-4a2b-a5dc-d85540d6fff3","LastNominationTimeUtc":"2023-10-06T09:25:18Z","LastNominationBuildNumber":"16.0.16827.20130","DeleteAfterSecondsWhenStale":31536000,"ForceCandidacy":false,"IsCandidate":true,"DidCandidateTriggerSurvey":false,"LastSurveyActivatedTimeUtc":"1601-01-01T00:00:00Z","LastSurveyId":"7e1f72bd-2c13-423b-93cf-2786588bccbb","LastSurveyStartTimeUtc":"2023-10-06T09:25:18Z","LastSurveyExpirationTimeUtc":"2024-10-05T09:25:18Z","LastCooldownEndTimeUtc":"1601-01-01T00:00:00Z"},{"CampaignId":"8a42827d-29d2-473e-998e-3217724c5b68","LastNominationTimeUtc":"2023-10-06T09:25:18Z","LastNominationBuildNumber":"16.0.16827.20130","DeleteAfterSecondsWhenStale":31536000,"ForceCandidacy":false,"IsCandidate":true,"DidCandidateTriggerSurvey":false,"LastSurveyActivatedTimeUtc":"1601-01-01T00:00:00Z","LastSurveyId":"0bb7f335-0b8a-4926-bb93-540e4e5b86c8","LastSurveyStartTimeUtc":"2023-10-06T09:25:18Z","LastSurveyExpirationTimeUtc":"2024-10-05T09:25
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:JSON data
      Category:dropped
      Size (bytes):740
      Entropy (8bit):4.578658879460996
      Encrypted:false
      SSDEEP:
      MD5:439A34DE8DA5C04AF25AADB84A2120D4
      SHA1:F12F9FF6E03A5762BD03061557029446680B1DAE
      SHA-256:32B560C75C25C6F56C0439F67A3FA7D4F271F07B435EE41575A3D82C6C612880
      SHA-512:BE704CD0DF8041945D16B8103135650B33D5E97D6F7C202E9C9499C3AE57E33855C2CC3A8F73B578DB482F47026C756F1FAA411A2CC58B5E53CE23CD24229834
      Malicious:false
      Reputation:unknown
      Preview:{"ChannelStates":[{"ChannelType":0,"CooldownStartTimeUtc":"1601-01-01T00:00:00Z","Cooldown":1209600},{"ChannelType":1,"CooldownStartTimeUtc":"1601-01-01T00:00:00Z","Cooldown":0},{"ChannelType":2,"CooldownStartTimeUtc":"1601-01-01T00:00:00Z","Cooldown":0},{"ChannelType":3,"CooldownStartTimeUtc":"1601-01-01T00:00:00Z","Cooldown":3600},{"ChannelType":4,"CooldownStartTimeUtc":"1601-01-01T00:00:00Z","Cooldown":10800},{"ChannelType":5,"CooldownStartTimeUtc":"1601-01-01T00:00:00Z","Cooldown":7776000},{"ChannelType":6,"CooldownStartTimeUtc":"1601-01-01T00:00:00Z","Cooldown":1800},{"ChannelType":7,"CooldownStartTimeUtc":"1601-01-01T00:00:00Z","Cooldown":0},{"ChannelType":8,"CooldownStartTimeUtc":"1601-01-01T00:00:00Z","Cooldown":1209600}]}
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:JSON data
      Category:dropped
      Size (bytes):87
      Entropy (8bit):4.576828956814449
      Encrypted:false
      SSDEEP:
      MD5:E4E83F8123E9740B8AA3C3DFA77C1C04
      SHA1:5281EAE96EFDE7B0E16A1D977F005F0D3BD7AAD0
      SHA-256:6034F27B0823B2A6A76FE296E851939FD05324D0AF9D55F249C79AF118B0EB31
      SHA-512:BD6B33FD2BBCE4A46991BC0D877695D16F7E60B1959A0DEFC79B627E569E5C6CAC7B4AD4E3E1D8389A08584602A51CF84D44CF247F03BEB95F7D307FBBA12BB9
      Malicious:false
      Reputation:unknown
      Preview:{"ShouldFloodgateTakePrecedenceOverRateAndReview":false,"AreRatingSurveysEnabled":true}
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:JSON data
      Category:dropped
      Size (bytes):14
      Entropy (8bit):3.378783493486176
      Encrypted:false
      SSDEEP:
      MD5:6CA4960355E4951C72AA5F6364E459D5
      SHA1:2FD90B4EC32804DFF7A41B6E63C8B0A40B592113
      SHA-256:88301F0B7E96132A2699A8BCE47D120855C7F0A37054540019E3204D6BCBABA3
      SHA-512:8544CD778717788B7484FAF2001F463320A357DB63CB72715C1395EF19D32EEC4278BAB07F15DE3F4FED6AF7E4F96C41908A0C45BE94D5CDD8121877ECCF310D
      Malicious:false
      Reputation:unknown
      Preview:{"Surveys":{}}
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):32768
      Entropy (8bit):0.04513718943963721
      Encrypted:false
      SSDEEP:
      MD5:3C86660E0DA530F63812744191FA152D
      SHA1:B5445711D377FCEC7E23F04BFDA8633569481312
      SHA-256:77F135156F97DFA448DAE5D39D1D20E50A24FCF9AFC14F46AFDD4A2FC2975CB3
      SHA-512:6119EC1A5312F73D25964D49F7BEB4234EEF5BD564C90ED3A06ADF20DD612C09D21535485B61768EE36E9DB20ED6807447ACED631A08E758B22104352F076781
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:SQLite Write-Ahead Log, version 3007000
      Category:dropped
      Size (bytes):49472
      Entropy (8bit):0.4838419032672218
      Encrypted:false
      SSDEEP:
      MD5:08636DC5180B6362C2EF7122C22637D6
      SHA1:D8C63A231CA37F5C93441AE179AD5DC23C72150C
      SHA-256:8185187B5488C13E46EC902BE5D4B9E3F77EA426E8607DB51D7292C27EB783D8
      SHA-512:EC9236B34E3FAC6C56B6A260AF8FF77675BC33FA237D1E8C73EE22CDC34B3F5218162045A8F438006E3981036D29CFBA5B08ECF84149B567C2D2824983BFBEE7
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:RIFF (little-endian) data, WAVE audio, ITU G.711 mu-law, mono 8000 Hz
      Category:dropped
      Size (bytes):16538
      Entropy (8bit):2.268047598645287
      Encrypted:false
      SSDEEP:
      MD5:389E5E34CDF44C0CA54233708459580C
      SHA1:AC12D9E0315D9323F520FBB5F4E090918754C797
      SHA-256:757EF11527A1BBE629896EA9B38C2F3D0E3AEC96CE3DCB80F67340D2A27824EE
      SHA-512:42D30D4B1EFB916BB61776F22DC53B9D33DE143E92B2E5B661AF6905E59E74929FAC13DAE2A22152FEE642DAD05516B1A8C99FEB2F863D617924FADCF31BDDD0
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:RFC 822 mail, ASCII text, with very long lines (2157), with CRLF line terminators
      Category:dropped
      Size (bytes):0
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:
      MD5:0672283A2C06DD66C035264F7F807875
      SHA1:8899E59D40FFBEBE4474B9C0A0A22B0059FEB069
      SHA-256:C00E15095EB064C4DCD3C0DD91C1C605B819400834DBCE386243A60A9816BA9E
      SHA-512:278A8EFC839C37B591148DAE594CBA6165B9773624918B8533C915EB73D1FB40117247CFE08024BC141CC7D1F88CDD7C9AF9A2DA92F635CF315990268149DE85
      Malicious:false
      Reputation:unknown
      Preview:Received: from IA0PR15MB5791.namprd15.prod.outlook.com.. (2603:10b6:208:406::11) by SJ0PR15MB4342.namprd15.prod.outlook.com with.. HTTPS; Tue, 2 Jul 2024 16:15:32 +0000..Received: from BYAPR05CA0104.namprd05.prod.outlook.com.. (2603:10b6:a03:e0::45) by IA0PR15MB5791.namprd15.prod.outlook.com.. (2603:10b6:208:406::11) with Microsoft SMTP Server (version=TLS1_2,.. cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7741.25; Tue, 2 Jul.. 2024 16:15:26 +0000..Received: from CO1PEPF000066E6.namprd05.prod.outlook.com.. (2603:10b6:a03:e0:cafe::de) by BYAPR05CA0104.outlook.office365.com.. (2603:10b6:a03:e0::45) with Microsoft SMTP Server (version=TLS1_2,.. cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7741.25 via.. Frontend Transport; Tue, 2 Jul 2024 16:15:26 +0000..Received: from plateauvm.com (74.50.129.204) by.. CO1PEPF000066E6.mail.protection.outlook.com (10.167.249.4) with Microsoft.. SMTP Server id 15.20.7741.18 via Frontend Transport; Tue, 2 Jul 2024.. 16:15:25 +0000..Receiv
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:ASCII text, with CRLF line terminators
      Category:dropped
      Size (bytes):26
      Entropy (8bit):3.95006375643621
      Encrypted:false
      SSDEEP:
      MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
      SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
      SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
      SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
      Malicious:false
      Reputation:unknown
      Preview:[ZoneTransfer]..ZoneId=3..
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:RFC 822 mail, ASCII text, with very long lines (2157), with CRLF line terminators
      Category:dropped
      Size (bytes):31765
      Entropy (8bit):3.9906704496503136
      Encrypted:false
      SSDEEP:
      MD5:0672283A2C06DD66C035264F7F807875
      SHA1:8899E59D40FFBEBE4474B9C0A0A22B0059FEB069
      SHA-256:C00E15095EB064C4DCD3C0DD91C1C605B819400834DBCE386243A60A9816BA9E
      SHA-512:278A8EFC839C37B591148DAE594CBA6165B9773624918B8533C915EB73D1FB40117247CFE08024BC141CC7D1F88CDD7C9AF9A2DA92F635CF315990268149DE85
      Malicious:false
      Reputation:unknown
      Preview:Received: from IA0PR15MB5791.namprd15.prod.outlook.com.. (2603:10b6:208:406::11) by SJ0PR15MB4342.namprd15.prod.outlook.com with.. HTTPS; Tue, 2 Jul 2024 16:15:32 +0000..Received: from BYAPR05CA0104.namprd05.prod.outlook.com.. (2603:10b6:a03:e0::45) by IA0PR15MB5791.namprd15.prod.outlook.com.. (2603:10b6:208:406::11) with Microsoft SMTP Server (version=TLS1_2,.. cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7741.25; Tue, 2 Jul.. 2024 16:15:26 +0000..Received: from CO1PEPF000066E6.namprd05.prod.outlook.com.. (2603:10b6:a03:e0:cafe::de) by BYAPR05CA0104.outlook.office365.com.. (2603:10b6:a03:e0::45) with Microsoft SMTP Server (version=TLS1_2,.. cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7741.25 via.. Frontend Transport; Tue, 2 Jul 2024 16:15:26 +0000..Received: from plateauvm.com (74.50.129.204) by.. CO1PEPF000066E6.mail.protection.outlook.com (10.167.249.4) with Microsoft.. SMTP Server id 15.20.7741.18 via Frontend Transport; Tue, 2 Jul 2024.. 16:15:25 +0000..Receiv
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):1604
      Entropy (8bit):1.3827709971161093
      Encrypted:false
      SSDEEP:
      MD5:9D54974A6E80D6883CAA8A5DF06B9722
      SHA1:6F206C534A8F989DAC103D2C7661092968D753E4
      SHA-256:8FE426D5A98971BA23DF26460F42F89DF81CAC6071C7A6590283A18018A42812
      SHA-512:FAD0BDA607B57DA4DC0EA55F433454C6C62D1EAB42CB5510DCD618AC624A9BFB55E6CA15B3D8C5D09D207DF715A3437F18743B97420811EBE7A242C3B82375DA
      Malicious:false
      Reputation:unknown
      Preview:......S.o.m.e. .p.e.o.p.l.e. .w.h.o. .r.e.c.e.i.v.e.d. .t.h.i.s. .m.e.s.s.a.g.e. .d.o.n.'.t. .o.f.t.e.n. .g.e.t. .e.m.a.i.l. .f.r.o.m. .n.o.n.-.m.a.i.l.-.u.s.e.r.@.p.l.a.t.e.a.u.v.m...c.o.m... .H.Y.P.E.R.L.I.N.K. .".h.t.t.p.s.:././.a.k.a...m.s./.L.e.a.r.n.A.b.o.u.t.S.e.n.d.e.r.I.d.e.n.t.i.f.i.c.a.t.i.o.n.".....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
      Process:C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe
      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
      Category:dropped
      Size (bytes):2659
      Entropy (8bit):4.926959150875136
      Encrypted:false
      SSDEEP:
      MD5:69415BBB2113097CE28402C78AAB8A1D
      SHA1:3CC52AA27D635F22434CFEAD93C27D3B5287BF2E
      SHA-256:95458051B4940AA84E142A19F4F775901CBFADC6BDEC409FC7C9DAC854FC8910
      SHA-512:03C62FF862F73046C45D6495D6E5E821ACBD228A230E6761DEE9E8A4E48F157CE3566E6E06FE8CACA73D4736B6AC78A4914855CDE4037574D8DBF86B2B2A0B54
      Malicious:false
      Reputation:unknown
      Preview:<?xml version="1.0" encoding="utf-8"?>..<clientConfiguration xmlns="http://schemas.microsoft.com/XblWinClient/2012/03" version="1">.. <targetedClient>XblWinClient</targetedClient > .. <rights>Copyright (c) Microsoft Corporation. All rights reserved.</rights> .... <configuration name="Features">.. <property name="EditorialPlaylistsEnabled" type="string" value="AU,CA,DE,FR,GB,MX,NZ,US" />.. <property name="ExploreWithGenreDetailsEnabled" type="string" value="AU,CA,DE,FR,GB,MX,NZ,US" />.. <property name="GenreRadioEnabled" type="string" value="AU,CA,DE,FR,GB,MX,NZ,US" />.. <property name="MusicPassUpsell" type="string" value="" />.. <property name="MusicPassUpsellForCollectionPDP" type="string" value="" />.. <property name="MusicPassUpsellInMixtapes" type="string" value="" />.. <property name="MusicPassInAppPurchase" type="string" value="" />.. <property name="MusicSubscription" type="stri
      Process:C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe
      File Type:Extensible storage engine DataBase, version 0x620, checksum 0x694dc516, page size 8192, JustCreated, Windows version 0.0
      Category:dropped
      Size (bytes):16384
      Entropy (8bit):0.11422942889150907
      Encrypted:false
      SSDEEP:
      MD5:05CA1575DF5EB401837B15511F3779CA
      SHA1:6916F9A3D655CB6CC9C9D89D80B286C43F9E8198
      SHA-256:E95424EBC5A0CECF1F3C7E20AC7B1D3C421B466A890AA19FEEA6087159FA793D
      SHA-512:5684A67E3E50A49D0506FC3B680EDE94A9DA8B404939F1C11E37DC4B932854F0906D15B86F1334872D358177DBEDD7E4F5FA3F7C051A88B8EA54FB69C43704D3
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe
      File Type:data
      Category:dropped
      Size (bytes):16384
      Entropy (8bit):0.07951839716780017
      Encrypted:false
      SSDEEP:
      MD5:23075F9456CFF9CC87C537C79F4BA0FC
      SHA1:D900C09A08D6E56BF2890119F7B5F39B84D21019
      SHA-256:BB6D9285F90173825101AC926338606C44DC6F51DE7ED30639C2833F8F6354B4
      SHA-512:CE8BDF4F40737ABE89AB5DB1FDB741D13BBCEA8478D6B7264ED02A486812970C121E57DA32B0F308C38C959B939A1D473A7685F55CAAB0F3F692ECAD3B452F07
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe
      File Type:data
      Category:dropped
      Size (bytes):8192
      Entropy (8bit):0.6103082111196501
      Encrypted:false
      SSDEEP:
      MD5:B88F0172CC809D35C9FD8E9F5B9EDD12
      SHA1:195A55D0A50F0D70C6EA9B5C4AE6C64C9C058E00
      SHA-256:C50EA45BCB61BF94E9F66BFA6D39E0CC79D6F3DAB13A68C3384BF5997D128F17
      SHA-512:DD6258BACA09056CC74D545A4DF325297D806DE6868D85C8BBC4F04A7C5812BA86E35EF884CE69F9871DF2E904387F3B88723D06B8AB06C7FA3998050AC7FA5E
      Malicious:false
      Reputation:unknown
      Preview:..V.................j3..-...|Y.................C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\................................................................................................................................................................C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\.................................................................................................................................................................0u..,.....................5w.................................................................................................................................................................................................................................................................................................................................................................................................................
      Process:C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe
      File Type:data
      Category:dropped
      Size (bytes):2097152
      Entropy (8bit):0.0023762139904782522
      Encrypted:false
      SSDEEP:
      MD5:31D5CFD759C207387E2EFB8809319B98
      SHA1:364602743E3FF1FE7AB6EA23F07633FEC4F4794C
      SHA-256:3A139103B85D46013861BBD891CEF42C72F8C037D0C7CA248D445E8D2E568088
      SHA-512:501E2EE93C74EF84930FDE61CF962B333A9D3D21FBD7556DCA670E9A56F89C4302AF6284DE55177158748C2B654BA103B90F2EDC6A36A80F59314F6FC550D4E4
      Malicious:false
      Reputation:unknown
      Preview:@|.u........... .-...|Y......................j3..-...|Y.................C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\................................................................................................................................................................C:\Users\user\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\LocalState\Database\anonymous\.................................................................................................................................................................0u..,.....................5w.......................................#.................................................................................................................................................................................................................................................................................................................................................
      Process:C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe
      File Type:data
      Category:dropped
      Size (bytes):2097152
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:
      MD5:B2D1236C286A3C0704224FE4105ECA49
      SHA1:7D76D48D64D7AC5411D714A4BB83F37E3E5B8DF6
      SHA-256:5647F05EC18958947D32874EEB788FA396A05D0BAB7C1B71F112CEB7E9B31EEE
      SHA-512:731859029215873FDAC1C9F2F8BD25A334ABF0F3A9E1B057CF2CACC2826D86B0C26A3FA920A936421401C0471F38857CB53BA905489EA46B185209FDFF65B3B6
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe
      File Type:Extensible storage engine DataBase, version 0x620, checksum 0x6ce520d3, page size 8192, JustCreated, Windows version 0.0
      Category:dropped
      Size (bytes):262144
      Entropy (8bit):0.14193788537470528
      Encrypted:false
      SSDEEP:
      MD5:4F3DB12A0A78FF2C3A26214AD395512C
      SHA1:CDA4C55FCE04B21EFA0CCA1923A7E93B1786AC60
      SHA-256:3373F9B0D0F8F9128DAF7E878CD3E252A03D500E4FEAA44C5A7AE92FB148F65A
      SHA-512:A0D98B86C228261969C677D6BFEDF9AAE3FF84EC2B9A7BE51F8463C7D08C43136CAF55704D11FE5DDB87EFC64C1F4519EBE3EB515CF83964207D9D045103E5FD
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe
      File Type:ASCII text, with no line terminators
      Category:dropped
      Size (bytes):0
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:
      MD5:62E394EC8B8C69B13E9FE2647A17ED4B
      SHA1:C6E99C4B0421CB80B261471EF6B5FF7B87C4B01F
      SHA-256:CA29C242882CACE519726AFCD93AEDED40E7604C7DF1F7D2A42C2F2D54FA28DA
      SHA-512:F03883D0DBD65C03D3C473F33F948AEDD4D3E7F7CDA70D7D951A1159D42FCA0F0E64132D9196B4729CF12A1A00CAFFF406CD6D5A3B4D99934DF642C6D4D19170
      Malicious:false
      Reputation:unknown
      Preview:<SRPData version="1" sessionId="1"><Outcomes></Outcomes><Threshold launches="1" daysLaunched="1" dayOfLastLaunch="2" monthOfLastLaunch="8" yearOfLastLaunch="2024" userHasAccepted="false" timesPolled="0"/></SRPData>
      Process:C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe
      File Type:ASCII text, with no line terminators
      Category:dropped
      Size (bytes):214
      Entropy (8bit):4.835751117262761
      Encrypted:false
      SSDEEP:
      MD5:62E394EC8B8C69B13E9FE2647A17ED4B
      SHA1:C6E99C4B0421CB80B261471EF6B5FF7B87C4B01F
      SHA-256:CA29C242882CACE519726AFCD93AEDED40E7604C7DF1F7D2A42C2F2D54FA28DA
      SHA-512:F03883D0DBD65C03D3C473F33F948AEDD4D3E7F7CDA70D7D951A1159D42FCA0F0E64132D9196B4729CF12A1A00CAFFF406CD6D5A3B4D99934DF642C6D4D19170
      Malicious:false
      Reputation:unknown
      Preview:<SRPData version="1" sessionId="1"><Outcomes></Outcomes><Threshold launches="1" daysLaunched="1" dayOfLastLaunch="2" monthOfLastLaunch="8" yearOfLastLaunch="2024" userHasAccepted="false" timesPolled="0"/></SRPData>
      Process:C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe
      File Type:ASCII text, with no line terminators
      Category:dropped
      Size (bytes):0
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:
      MD5:62E394EC8B8C69B13E9FE2647A17ED4B
      SHA1:C6E99C4B0421CB80B261471EF6B5FF7B87C4B01F
      SHA-256:CA29C242882CACE519726AFCD93AEDED40E7604C7DF1F7D2A42C2F2D54FA28DA
      SHA-512:F03883D0DBD65C03D3C473F33F948AEDD4D3E7F7CDA70D7D951A1159D42FCA0F0E64132D9196B4729CF12A1A00CAFFF406CD6D5A3B4D99934DF642C6D4D19170
      Malicious:false
      Reputation:unknown
      Preview:<SRPData version="1" sessionId="1"><Outcomes></Outcomes><Threshold launches="1" daysLaunched="1" dayOfLastLaunch="2" monthOfLastLaunch="8" yearOfLastLaunch="2024" userHasAccepted="false" timesPolled="0"/></SRPData>
      Process:C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):0
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:
      MD5:2CDC41F725F04CEC33727CDC6481C94A
      SHA1:C6AC9CEB979BD3C2712C9CC5E0F033EDFA185B9D
      SHA-256:A58244DA4102BFB2D35130F816B81480722F622168FA8626770E00B558171057
      SHA-512:BAD5E48077D30A1AAB51F17239F17AB7EB21DD1B94DF2E2BD8C9926EA0F529CCC1FD346AAD6A6896629731F2AFCDBF80BBB68C6B39D24B7492CB3F3B625E0A44
      Malicious:false
      Reputation:unknown
      Preview:{"version":"10.19071.19011.0","backstack":[{"type":"MS.Entertainment.Music.AlbumsPage","transition":1,"link":"mswindowsmusic://navigatetolibrary/?pageviewtype=MS.Entertainment.Music.AlbumsPage&scrollpositioninfo=0"}]}
      Process:C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):217
      Entropy (8bit):4.93980567695655
      Encrypted:false
      SSDEEP:
      MD5:2CDC41F725F04CEC33727CDC6481C94A
      SHA1:C6AC9CEB979BD3C2712C9CC5E0F033EDFA185B9D
      SHA-256:A58244DA4102BFB2D35130F816B81480722F622168FA8626770E00B558171057
      SHA-512:BAD5E48077D30A1AAB51F17239F17AB7EB21DD1B94DF2E2BD8C9926EA0F529CCC1FD346AAD6A6896629731F2AFCDBF80BBB68C6B39D24B7492CB3F3B625E0A44
      Malicious:false
      Reputation:unknown
      Preview:{"version":"10.19071.19011.0","backstack":[{"type":"MS.Entertainment.Music.AlbumsPage","transition":1,"link":"mswindowsmusic://navigatetolibrary/?pageviewtype=MS.Entertainment.Music.AlbumsPage&scrollpositioninfo=0"}]}
      Process:C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):0
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:
      MD5:2CDC41F725F04CEC33727CDC6481C94A
      SHA1:C6AC9CEB979BD3C2712C9CC5E0F033EDFA185B9D
      SHA-256:A58244DA4102BFB2D35130F816B81480722F622168FA8626770E00B558171057
      SHA-512:BAD5E48077D30A1AAB51F17239F17AB7EB21DD1B94DF2E2BD8C9926EA0F529CCC1FD346AAD6A6896629731F2AFCDBF80BBB68C6B39D24B7492CB3F3B625E0A44
      Malicious:false
      Reputation:unknown
      Preview:{"version":"10.19071.19011.0","backstack":[{"type":"MS.Entertainment.Music.AlbumsPage","transition":1,"link":"mswindowsmusic://navigatetolibrary/?pageviewtype=MS.Entertainment.Music.AlbumsPage&scrollpositioninfo=0"}]}
      Process:C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe
      File Type:MS Windows registry file, NT/2000 or above
      Category:dropped
      Size (bytes):16384
      Entropy (8bit):2.7195016099776135
      Encrypted:false
      SSDEEP:
      MD5:E6E44321283BFBE95EC036E83929C656
      SHA1:E1E4F52EAF8D9A93764E32244C8AB557EC59D5BD
      SHA-256:7787525E887D3B956BA53ABB5C61C0FD7E3F7113A184838C6934ED65467DCAE1
      SHA-512:D75851DEA55618EDB1245A5A50D783B95B89B6CC2376547EC2FEDB0D6CBC24B87A963C8C1DC45C727B3567EAD8B2F2F0285221652F9229C99DBB77A17DEA2E6D
      Malicious:false
      Reputation:unknown
      Preview:regf........b.Q.7.................. .... ......y.b.3.d.8.b.b.w.e.\.S.e.t.t.i.n.g.s.\.s.e.t.t.i.n.g.s...d.a.t...y..j.....J.....y..j.....J.........z..j.....J.....rmtm...C..................................................................................................................................................................................................................................................................................................................................................f.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
      Process:C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Music.UI.exe
      File Type:MS Windows registry file, NT/2000 or above
      Category:dropped
      Size (bytes):12288
      Entropy (8bit):3.4419069832891447
      Encrypted:false
      SSDEEP:
      MD5:2F5240EF8E81AE1D511E76EB943FDDD3
      SHA1:995FB003869063B94CF44563CDB951BB5EFEB301
      SHA-256:CE4C053DDE5A1A09F2D8B3712E8E797AADD133A04FF47B88C73087524F17BE36
      SHA-512:F3568032CA143BC24008A5FED3B1BBCF1E86FFBCD698C5BE33C2B12AC11B5E4244CA0A1F83AF37382766EB2F31BB24B969969B1F1713DD813C8624994BC7FE75
      Malicious:false
      Reputation:unknown
      Preview:regf........b.Q.7.................. .... ......y.b.3.d.8.b.b.w.e.\.S.e.t.t.i.n.g.s.\.s.e.t.t.i.n.g.s...d.a.t...y..j.....J.....y..j.....J.........z..j.....J.....rmtm...C..................................................................................................................................................................................................................................................................................................................................................f.HvLE............. ........, .(.*.....'..... ..hbin................b.Q.7..........nk,.T...7..................................x...............................Test....p...sk..h...h.......t.......H...X.............4.........?.......................?....................... ... ...............YQ..fr]%dc;.............nk .c.}J....................................h...............................Configuration...p...sk..x...x.......t.......H...X.............4.........?.......................
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:ASCII text, with very long lines (28771), with CRLF line terminators
      Category:dropped
      Size (bytes):20971520
      Entropy (8bit):0.17442534063332235
      Encrypted:false
      SSDEEP:
      MD5:953B7AF0A2F031D1DD1D420EAB254C1D
      SHA1:7995FF984D07C4AFE698CAB1D6617A8DA8D9E08E
      SHA-256:4B5C2CBA19E09D1C892B0DFC659028FE3DD6C188F944BB770D4C11F238BC0A42
      SHA-512:8CBE816BC8476A9ACB4B7774368A79155B52ED4F043E303138C944450C6ABD7C32E92C091E8CE0136E8BE32EA9F16DCA5EEB2D9B94B609E1FA903DDFA588FF7E
      Malicious:false
      Reputation:unknown
      Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..07/03/2024 21:44:49.960.OUTLOOK (0x1BC0).0x1BC4.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":26,"Time":"2024-07-03T21:44:49.960Z","Contract":"Office.System.Activity","Activity.CV":"oYZOiLv0FEGAUxn7uT3IIA.4.11","Activity.Duration":23,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...07/03/2024 21:44:49.976.OUTLOOK (0x1BC0).0x1BC4.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":28,"Time":"2024-07-03T21:44:49.976Z","Contract":"Office.System.Activity","Activity.CV":"oYZOiLv0FEGAUxn7uT3IIA.4.12","Activity.Duration":12679,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajor
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):20971520
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:
      MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
      SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
      SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
      SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:modified
      Size (bytes):118784
      Entropy (8bit):4.503535319720838
      Encrypted:false
      SSDEEP:
      MD5:043D7257C5748B5C9C7A8D0315D1FC3B
      SHA1:47858F90BFC3537D5EF4FB7E069C15A054B6F590
      SHA-256:2E710D8734EDC6522192D443C0CF7696AD414CB151CD1AF98DDA14ED84513D39
      SHA-512:B953554AFAB15A89AD3BBF623A23F8AE496AB50972535AC0E60E138C4858105A93989434936119BC094CB6ECB75BA03AC18C26A374089CB3468F67583D644418
      Malicious:false
      Reputation:unknown
      Preview:............................................................................`.............:....................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1........................................................... .$..Y............:............v.2._.O.U.T.L.O.O.K.:.1.b.c.0.:.c.6.5.6.a.2.0.b.e.c.3.c.4.6.e.7.9.a.1.b.9.5.8.a.b.3.8.c.d.a.6.d...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.0.7.0.3.T.1.7.4.4.4.9.0.7.0.4.-.7.1.0.4...e.t.l.......P.P...........:............................................................................................................................................................................................................................................................................................................
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):16384
      Entropy (8bit):3.5763103199099398
      Encrypted:false
      SSDEEP:
      MD5:6C625DF702C708A0B64BFC2367E0A4F9
      SHA1:6CD542AE40791C87542236CCEEDBB41AF0A0EFCF
      SHA-256:97479EF77014E9E3D7720EAF673E9C27ED47806F9D51F5F7F62FCF117C0795A1
      SHA-512:6828CC04953AAE826C2B437458E847F14314B0403BDD24CC42B745462F88EAE3F37F3486BCDDB81AF60FC44C049D2C8D4C3DF3F4C4CDD64340556073B5BB2885
      Malicious:false
      Reputation:unknown
      Preview:............................................................................`...........|u.A....................eJ.........A....Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1........................................................... .$..Y..........|u.A............v.2._.O.U.T.L.O.O.K.:.1.9.b.8.:.7.d.5.0.2.b.1.b.4.2.1.d.4.4.1.5.9.3.b.8.c.3.6.0.8.4.d.3.7.0.b.4...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.0.7.0.3.T.1.7.4.5.0.0.0.0.5.8.-.6.5.8.4...e.t.l.......P.P.........|u.A............................................................................................................................................................................................................................................................................................................
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):30
      Entropy (8bit):1.2389205950315936
      Encrypted:false
      SSDEEP:
      MD5:571C0EACB38CFF103CD2B6E75C615C55
      SHA1:90B692656C9F59C95A79051A42A364C1023ACD9E
      SHA-256:A23CA1095F82129224F730FB9CD70CACF2E2CEDF6CCA961CDEC47EC5EDB1E9AC
      SHA-512:D88B8108E60657B5717270AE022649801696E0FB84D6DE66F9313F0ED8021439606CDEC519F9783E9B3B66FAF61A3E98029D7C00DE6154ADED7F600EE54908EA
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:Composite Document File V2 Document, Cannot read section info
      Category:dropped
      Size (bytes):16384
      Entropy (8bit):0.6698969565473195
      Encrypted:false
      SSDEEP:
      MD5:DE185EAFE72ACA371EA8BBF4DB389141
      SHA1:1C0667814B6B7C646FFF10B8DD3D8C065D3EA50E
      SHA-256:26224450747BA927F2F43230E5198E5D4E39607036F376967667F2FE7D570C62
      SHA-512:DE31E21B80D7725BDF9A57F0C6AC7BF8FCE58675B1B15DE9948CFF26AE47B8FEA6D58501F47FA9E1DF7C52615C733A0EA145305752D6906551C1FFFF5E2E35E1
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:Microsoft Word 2007+
      Category:dropped
      Size (bytes):0
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:
      MD5:63ECB71D44AA5A4158C47CB9ACCB6396
      SHA1:CB5F791C6386FE2A63622CBDE3AA1E479D48DB5F
      SHA-256:0E385F78822C5E6A2BCDAD53E5D6E4AF95DC25299B1E078175DE58A91DBFB09C
      SHA-512:13F86B2475A95318240F784674B703F7372A05B174A7AD79D5E9ED7FBDE89892F8151FA71A495C919B37AA3033327A4E9320EFF599DCAC126B75E3D1D4E6CBC9
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):162
      Entropy (8bit):3.673121737248143
      Encrypted:false
      SSDEEP:
      MD5:5866F77254F2F71849B0B014FE49F7B5
      SHA1:00593F0AD02E98B0B19E82C45CB75434EEAF6A16
      SHA-256:53F3FCB33475E782346700083CCB49CA7E5152A8112B258ABD1D37C0B22DB8B4
      SHA-512:C2150EC573372692923819486B5C94A26A782873CD1FC6F690FF96826046009D76A448CF82EDBB610AB445E20A67B074284E4CB4386AE736E993EF4C7C95801F
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:Microsoft Word 2007+
      Category:dropped
      Size (bytes):19605
      Entropy (8bit):7.47497751514171
      Encrypted:false
      SSDEEP:
      MD5:63ECB71D44AA5A4158C47CB9ACCB6396
      SHA1:CB5F791C6386FE2A63622CBDE3AA1E479D48DB5F
      SHA-256:0E385F78822C5E6A2BCDAD53E5D6E4AF95DC25299B1E078175DE58A91DBFB09C
      SHA-512:13F86B2475A95318240F784674B703F7372A05B174A7AD79D5E9ED7FBDE89892F8151FA71A495C919B37AA3033327A4E9320EFF599DCAC126B75E3D1D4E6CBC9
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:Microsoft Outlook email folder (>=2003)
      Category:dropped
      Size (bytes):271360
      Entropy (8bit):4.009338579983261
      Encrypted:false
      SSDEEP:
      MD5:2DC5EDC6B505BBA2D61C0BA6FF25BA42
      SHA1:F4DFA92F9C57A5E72997363753EB07C394EB7381
      SHA-256:12FC3140797049A4D56F0C02A357B9B99C09AFD1054D68A88482443F07F2F4ED
      SHA-512:3AFF0F37AEDE3074940148C2B6D883FCF5CF64F618D139FAFD4ED65CC17418D0C66E6000E1470505CB88514BAAABF839F6B8C4101668D8E2391EB7FFEB2777CA
      Malicious:false
      Reputation:unknown
      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      File Type:data
      Category:dropped
      Size (bytes):131072
      Entropy (8bit):5.258062168269766
      Encrypted:false
      SSDEEP:
      MD5:DD94B1FF5783A5BCE63BD674AF242D50
      SHA1:CAFB93B0FB92E566AFE802ECB95FEA527C8205BD
      SHA-256:77523664E24CCE2E7313F115D75993DA71BC90E591F79CCFB3B6296A6E277774
      SHA-512:031C555CEF6C0365AE7C11C69302BC12DA17E5C9DA979104DEF746744480D6D0EB994312ADBC0032E98AE7EB47328DE5F4565ABF1525F13962C68BC882137931
      Malicious:false
      Reputation:unknown
      File type:SMTP mail, ASCII text, with very long lines (443), with CRLF line terminators
      Entropy (8bit):5.5029823632647155
      TrID:
      • E-Mail message (Var. 1) (20512/2) 100.00%
      File name:original (3).eml
      File size:57'435 bytes
      MD5:6a355be7977ee47446f4cadb3d50f2f0
      SHA1:bab232f4c040f581bbd42a9654d7a6059dac2749
      SHA256:c0fec241ae73edaf55983ed388ad3921bcd2e891746fab31fa5fbb521fd52091
      SHA512:37bb8a4434cd58f8330b600f4af9a6d130790a02a23ebc92798b5499f82e942ec940501a188ea49c5110c484a6c1baa29ce8c419efd41cf05a40d034372138d0
      SSDEEP:768:rsb2sKSbUWJuoEVUqhDWWvAmtgkhzziNDcHCg9hCmHNhn:c2sKSb6oJq9WWvxdDigt3n
      TLSH:8743F66F0F609A610F9DF2F89C3766CA0255B721D1A21CBC632E836ED01EC945DBDD46
      File Content Preview:Return-Path: <alecg@plateautel.com>..Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2120.outbound.protection.outlook.com [40.107.237.120]).. by inbound-smtp.us-east-1.amazonaws.com with SMTP id clvkoqjaqffp9cmapmk2eq2gpkm80us
      Subject:[Phish Alert] Fwd: Voice message from 5752796772 to 5753891918
      From:Alec Gonzales <alecg@plateautel.com>
      To:"9f39fdb7-5601-4ea7-9716-c172e4198525@phisher.knowbe4.com" <9f39fdb7-5601-4ea7-9716-c172e4198525@phisher.knowbe4.com>
      Cc:
      BCC:
      Date:Tue, 02 Jul 2024 16:20:01 +0000
      Communications:
      • Some people who received this message don't often get email from non-mail-user@plateauvm.com. Learn why this is important<https://aka.ms/LearnAboutSenderIdentification> CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. The attached message was recently left in your voicemail account for 5753891918. We are sending you this email because you have asked for your messages to be forwarded to this address.
      Attachments:
      • phish_alert_sp2_2.0.0.0.eml
      Key Value
      Return-Path: <alecg@plateautel.com>
      Received: from SJ0PR15MB4342.namprd15.prod.outlook.com ([fe80::2c32:1806:b30e:9f7c]) by SJ0PR15MB4342.namprd15.prod.outlook.com ([fe80::2c32:1806:b30e:9f7c%4]) with mapi id 15.20.7719.028; Tue, 2 Jul 2024 16:20:01 +0000
      Received-SPF: pass (spfCheck: domain of plateautel.com designates 40.107.237.120 as permitted sender) client-ip=40.107.237.120; envelope-from=alecg@plateautel.com; helo=NAM12-BN8-obe.outbound.protection.outlook.com;
      Authentication-Results: amazonses.com; spf=pass (spfCheck: domain of plateautel.com designates 40.107.237.120 as permitted sender) client-ip=40.107.237.120; envelope-from=alecg@plateautel.com; helo=NAM12-BN8-obe.outbound.protection.outlook.com; dkim=pass header.i=@plateautel.com; dmarc=pass header.from=plateautel.com;
      ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=plateautel.com; dmarc=pass action=none header.from=plateautel.com; dkim=pass header.d=plateautel.com; arc=none
      From: Alec Gonzales <alecg@plateautel.com>
      To: "9f39fdb7-5601-4ea7-9716-c172e4198525@phisher.knowbe4.com" <9f39fdb7-5601-4ea7-9716-c172e4198525@phisher.knowbe4.com>
      Subject: [Phish Alert] Fwd: Voice message from 5752796772 to 5753891918
      Thread-Topic: [Phish Alert] Fwd: Voice message from 5752796772 to 5753891918
      Thread-Index: AQHazJuwrLwto1eVqk+b8/rCLVgn7w==
      Date: Tue, 02 Jul 2024 16:20:01 +0000
      Message-ID: <SJ0PR15MB4342F777FDA917C3591C04DEDCDC2@SJ0PR15MB4342.namprd15.prod.outlook.com>
      Accept-Language: en-US
      Content-Language: en-US
      X-MS-Has-Attach: yes
      X-MS-TNEF-Correlator:
      authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=plateautel.com;
      x-ms-publictraffictype: Email
      x-ms-traffictypediagnostic: SJ0PR15MB4342:EE_|SA0PR15MB3821:EE_
      x-ms-office365-filtering-correlation-id: 1cae414e-6a9b-4f29-a6d7-08dc9ab2d341
      x-ms-exchange-senderadcheck: 1
      x-ms-exchange-antispam-relay: 0
      x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|366016|376014|38070700018;
      x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SJ0PR15MB4342.namprd15.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014)(38070700018);DIR:OUT;SFP:1102;
      x-ms-exchange-antispam-messagedata-chunkcount: 1
      Content-Type: multipart/mixed; boundary="_004_SJ0PR15MB4342F777FDA917C3591C04DEDCDC2SJ0PR15MB4342namp_"
      MIME-Version: 1.0
      X-OriginatorOrg: plateautel.com
      X-MS-Exchange-CrossTenant-AuthAs: Internal
      X-MS-Exchange-CrossTenant-AuthSource: SJ0PR15MB4342.namprd15.prod.outlook.com
      X-MS-Exchange-CrossTenant-Network-Message-Id: 1cae414e-6a9b-4f29-a6d7-08dc9ab2d341
      X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Jul 2024 16:20:01.8597 (UTC)
      X-MS-Exchange-CrossTenant-fromentityheader: Hosted
      X-MS-Exchange-CrossTenant-id: c66eaad3-4231-4d3b-873b-e9d98588a49e
      X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
      X-MS-Exchange-CrossTenant-userprincipalname: VLhq79XMJGvmP0/wsQj0pH9U0GCs4j2Xo62JNN+H0uJUfMzE3KTFn+1Bh+OR/fsCQ0BeQ034Psg4xoC0YElZ4w==
      X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR15MB3821

      Icon Hash:46070c0a8e0c67d6