Windows Analysis Report
8ae7220a-ee65-2f3e-f16a-3109ff4fb7ec.eml

Overview

General Information

Sample name: 8ae7220a-ee65-2f3e-f16a-3109ff4fb7ec.eml
Analysis ID: 1539653
MD5: 00ba8131647b7685611ef53288653bb2
SHA1: 29104882127887336856bfdd82b76dc0c2226d7f
SHA256: 553e11f5ceee941b9945f61fbf9eea03ff22f60ab5d695da043a872e475a71a1

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores large binary data to the registry

Classification

  • System is w10x64
  • OUTLOOK.EXE (PID: 6204 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\8ae7220a-ee65-2f3e-f16a-3109ff4fb7ec.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 3448 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "5665F238-8B64-4173-A045-8BC802E60CB0" "4B797061-BB80-41FC-B318-8225D6BE7667" "6204" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6204, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched

There are no malicious signatures.

Source: FBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drString found in binary or memory: https://tasks.office.com
Source: FBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drString found in binary or memory: https://templatesmetadata.office.net/
Source: FBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: FBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: FBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: FBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: FBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: FBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: FBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: FBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drString found in binary or memory: https://webshell.suite.office.com
Source: FBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: FBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: FBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drString found in binary or memory: https://wus2.contentsync.
Source: FBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drString found in binary or memory: https://wus2.pagecontentsync.
Source: FBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: FBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drString found in binary or memory: https://www.odwebp.svc.ms
Source: FBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drString found in binary or memory: https://www.yammer.com
Source: classification engine; Classification label: clean1.winEML@3/18@0/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241022T1754010783-6204.etl
Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\8ae7220a-ee65-2f3e-f16a-3109ff4fb7ec.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "5665F238-8B64-4173-A045-8BC802E60CB0" "4B797061-BB80-41FC-B318-8225D6BE7667" "6204" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Window found: window name: SysTabControl32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook
Defense Evasion: 1 Masquerading; 1 Modify Registry; 1 Process Injection; 1 DLL Side-Loading
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: 1 Process Discovery; 12 System Information Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Data Obfuscation; Junk Data; Steganography; Protocol Impersonation
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Behavior Graph ID: 1539653; Sample: 8ae7220a-ee65-2f3e-f16a-310...; Startdate: 22/10/2024; Architecture: WINDOWS; Score: 1. Process tree: OUTLOOK.EXE started ai.exe.

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | unknown
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 217.20.57.34 | true | false | | unknown
                  • URL Reputation: safe
                  unknown
                  https://api.diagnosticssdf.office.com/v2/feedbackFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                  • URL Reputation: safe
                  unknown
                  https://api.powerbi.com/v1.0/myorg/groupsFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                  • URL Reputation: safe
                  unknown
                  https://web.microsoftstream.com/video/FBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                  • URL Reputation: safe
                  unknown
                  https://api.addins.store.officeppe.com/addinstemplateFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                  • URL Reputation: safe
                  unknown
                  https://graph.windows.netFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                  • URL Reputation: safe
                  unknown
                  https://dataservice.o365filtering.com/FBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                  • URL Reputation: safe
                  unknown
                  https://officesetup.getmicrosoftkey.comFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                  • URL Reputation: safe
                  unknown
                  https://analysis.windows.net/powerbi/apiFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                  • URL Reputation: safe
                  unknown
                  https://prod-global-autodetect.acompli.net/autodetectFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                  • URL Reputation: safe
                  unknown
                  https://substrate.office.comFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                  • URL Reputation: safe
                  unknown
                  https://outlook.office365.com/autodiscover/autodiscover.jsonFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                  • URL Reputation: safe
                  unknown
                  https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-iosFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                  • URL Reputation: safe
                  unknown
                  https://consent.config.office.com/consentcheckin/v1.0/consentsFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                  • URL Reputation: safe
                  unknown
                  https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                  • URL Reputation: safe
                  unknown
                  https://learningtools.onenote.com/learningtoolsapi/v2.0/GetvoicesFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                  • URL Reputation: safe
                  unknown
                  https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.jsonFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                  • URL Reputation: safe
                  unknown
                  https://d.docs.live.netFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                    unknown
                    https://safelinks.protection.outlook.com/api/GetPolicyFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://ncus.contentsync.FBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://onedrive.live.com/about/download/?windows10SyncClientInstalled=falseFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                      unknown
                      https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/FBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                      • URL Reputation: safe
                      unknown
                      http://weather.service.msn.com/data.aspxFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://apis.live.net/v5.0/FBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://officepyservice.office.net/service.functionalityFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asksFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://templatesmetadata.office.net/FBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://word.uservoice.com/forums/304948-word-for-ipad-iphone-iosFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://messaging.lifecycle.office.com/FBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://autodiscover-s.outlook.com/autodiscover/autodiscover.xmlFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://mss.office.comFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://pushchannel.1drv.msFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://management.azure.comFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://outlook.office365.comFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://login.windows.netApp1729634042210211000_B27576D5-8949-461F-8416-D284F10170AB.log.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://wus2.contentsync.FBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://incidents.diagnostics.office.comFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://clients.config.office.net/user/v1.0/iosFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://make.powerautomate.comFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://api.addins.omex.office.net/api/addins/searchFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://insertmedia.bing.office.net/odc/insertmediaFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://outlook.office365.com/api/v1.0/me/ActivitiesFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://api.office.netFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://incidents.diagnosticssdf.office.comFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://asgsmsproxyapi.azurewebsites.net/FBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://clients.config.office.net/user/v1.0/android/policiesFBDA133E-B1FE-4BAD-9B74-54C828D9D25B.0.drfalse
                      • URL Reputation: safe
                      unknown
                      No contacted IP infos
                      Joe Sandbox version:41.0.0 Charoite
                      Analysis ID:1539653
                      Start date and time:2024-10-22 23:53:03 +02:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 4m 37s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:7
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Sample name:8ae7220a-ee65-2f3e-f16a-3109ff4fb7ec.eml
                      Detection:CLEAN
                      Classification:clean1.winEML@3/18@0/0
                      EGA Information:Failed
                      HCA Information:
                      • Successful, ratio: 100%
                      • Number of executed functions: 0
                      • Number of non-executed functions: 0
                      Cookbook Comments:
                      • Found application associated with file extension: .eml
                      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                      • Excluded IPs from analysis (whitelisted): 52.109.32.97, 52.113.194.132, 52.109.89.19, 217.20.57.34, 2.19.126.160, 2.19.126.151, 52.168.117.168
                      • Excluded domains from analysis (whitelisted): omex.cdn.office.net, slscr.update.microsoft.com, weu-azsc-000.roaming.officeapps.live.com, eur.roaming1.live.com.akadns.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com, ocsp.digicert.com, login.live.com, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, wu-b-net.trafficmanager.net, a1864.dscd.akamai.net, ecs.office.com, self-events-data.trafficmanager.net, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, s-0005.s-msedge.net, config.officeapps.live.com, onedscolprdeus07.eastus.cloudapp.azure.com, ecs.office.trafficmanager.net, omex.cdn.office.net.akamaized.net, europe.configsvc1.live.com.akadns.net
                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.
                      • VT rate limit hit for: 8ae7220a-ee65-2f3e-f16a-3109ff4fb7ec.eml
                      No simulations
                      No context
                      No context
                      No context
                      No context
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 4770 bytes, 1 file, at 0x2c +A "disallowedcert.stl", number 1, 1 datablock, 0x1 compression
                      Category:dropped
                      Size (bytes):4770
                      Entropy (8bit):7.946747821604857
                      Encrypted:false
                      SSDEEP:96:9/nBu64pydcvOHRUfu0xK1bQYMRSRNoYmxYvk56sHMZhh4m:9/nBuP2cGxUfu6K1bpWJ6vfh4m
                      MD5:1BFE591A4FE3D91B03CDF26EAACD8F89
                      SHA1:719C37C320F518AC168C86723724891950911CEA
                      SHA-256:9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
                      SHA-512:02F88DA4B610678C31664609BCFA9D61DB8D0B0617649981AF948F670F41A6207B4EC19FECCE7385A24E0C609CBBF3F2B79A8ACAF09A03C2C432CC4DCE75E9DB
                      Malicious:false
                      Reputation:high, very likely benign file
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):338
                      Entropy (8bit):3.1630232436556387
                      Encrypted:false
                      SSDEEP:6:kK213AN+SkQlPlEGYRMY9z+s3Ql2DUevat:GPkPlE99SCQl2DUevat
                      MD5:81ECCE0A4333AE334EF830EC1C1D4775
                      SHA1:E8E44777865C0B0E154D137BB87A8C1A479F611D
                      SHA-256:F10668436629FA8CACF36CE69DA64670CF5B1FD2C6F29106BB87E4554DEEDB42
                      SHA-512:4AA9B49EDEF9B60D0CE1AD94FAD4F5F39A73B718862C34F2942773498094A4145BEF2F2FDEDB28D08729BC2FDDB18BC1C72E32C4A6A98504D7BDAABF40098BE5
                      Malicious:false
                      Reputation:low
                      Preview:p...... ........_.{..$..(....................................................... .........p.........$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".7.4.6.7.8.7.a.3.f.0.d.9.1.:.0."...
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):231348
                      Entropy (8bit):4.395546615260126
                      Encrypted:false
                      SSDEEP:1536:66YLUXgsg+xTf5HSQgsyqNcAz79ysQqt2aSoEqoQPMrcm0Fv3n3yyLX+wGYlNZDm:ycgSBBgWmiGu2TqoQ0rt0FvSOcWWc2q6
                      MD5:588C3F705F5B68246BE1928AD9225533
                      SHA1:C77CDD298A23C8F81DAC8BBA11A1792305559950
                      SHA-256:0D2A3C1971AD36DB105ACED571DBD62E8F7D2C3F9BF21C66FBBA249DF212E1B5
                      SHA-512:6275F58008FFF35F4F6A966F4E28C83495A90D93781ABDBB51774022B3BD51F3C0088C230D95E210F2EC493A1219CCD5F159D0B1D9336BC6E714C646FA1A2132
                      Malicious:false
                      Reputation:low
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:ASCII text, with very long lines (65536), with no line terminators
                      Category:dropped
                      Size (bytes):322260
                      Entropy (8bit):4.000299760592446
                      Encrypted:false
                      SSDEEP:6144:dztCFLNyoAHq5Rv2SCtUTnRe4N2+A/3oKBL37GZbTSB+pMZIrh:HMLgvKz9CtgRemO3oUHi3SBSMZIl
                      MD5:CC90D669144261B198DEAD45AA266572
                      SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                      SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                      SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                      Malicious:false
                      Reputation:high, very likely benign file
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:ASCII text, with no line terminators
                      Category:modified
                      Size (bytes):10
                      Entropy (8bit):3.121928094887362
                      Encrypted:false
                      SSDEEP:3:LMPW:KW
                      MD5:C190597887645B474F71E524EAC31DF1
                      SHA1:CC8947C3E81FBFEA8FDD41A14C3DF354760CDA4B
                      SHA-256:E31CCB61579699FAFFE1B6FE92DD183E890316C797FA335D9BE578DBB3C6CD6B
                      SHA-512:9271123F04638C860BDA96C5FA7F088CF264479334ED2B86DD02B042B6823DB4E7E043FF9CDE17110D5D10B3EE3227E0187FF201446A39B393600AB5526D3C64
                      Malicious:false
                      Reputation:low
                      Preview:1729634053
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):178267
                      Entropy (8bit):5.290273830804651
                      Encrypted:false
                      SSDEEP:1536:Ei2XfRAqFbH41gwEwLe7HW8QM/o/NMdcAZl1p5ihs7EXXDEAD2Odago:OCe7HW8QM/o/TXgk9o
                      MD5:9EE2D88F182C2AD47F3EAFD3969746D6
                      SHA1:7B420D1866B3B41A9A7B156A3AB2059AAFAE8193
                      SHA-256:3446B4E24FDD1E2D04D832C5A48FC60BD4D8B695DC5A4571817B7A61E6FA6449
                      SHA-512:1AEA2803E6B32627848BFB4818E46F262CEEAA7FC1A89763925CFD9058E4951E4AC07609DA3B71E4CC25737065A1F66D730DBD5CC4EC3EC587F759544CF6753C
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-10-22T21:54:05">.. Build: 16.0.18209.40127-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                      Category:dropped
                      Size (bytes):4096
                      Entropy (8bit):0.09216609452072291
                      Encrypted:false
                      SSDEEP:3:lSWFN3l/klslpF/4llfll:l9F8E0/
                      MD5:F138A66469C10D5761C6CBB36F2163C3
                      SHA1:EEA136206474280549586923B7A4A3C6D5DB1E25
                      SHA-256:C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
                      SHA-512:9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9
                      Malicious:false
                      Reputation:high, very likely benign file
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:SQLite Rollback Journal
                      Category:dropped
                      Size (bytes):4616
                      Entropy (8bit):0.1370048545379396
                      Encrypted:false
                      SSDEEP:3:7FEG2l+0/FllkpMRgSWbNFl/sl+ltlslVlllfllL:7+/lDg9bNFlEs1EP/7
                      MD5:0857136E6DDB8169932EC464BC6B3991
                      SHA1:0243BCD371471F0917A2B72FFA3C8BD41349D2D6
                      SHA-256:2324F40502ACF7FD100446AE5E0F57D05C00C71BA0F326C411D50BAB441E361F
                      SHA-512:9AB208CCFFF7E15BA06E9D88C720C39A7B0F121CF6983329A5055EF81A34B9AD73A35CF410B33527A83F9389EC54699B227EF69B73B821C75F3482C395C12319
                      Malicious:false
                      Preview:.... .c.....s..A....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ .......................................................................... .................................................................................................................................................................................................................................................................................................................................................................................................
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):32768
                      Entropy (8bit):0.04469833793377624
                      Encrypted:false
                      SSDEEP:3:G4l2Hzf8SYNIgN7DoNl2Hzf8SYNIgN7Di/ulL9//Xlvlll1lllwlvlllglbXdblx:G4l2TfBNl2TfLSL9XXPH4l942U
                      MD5:779BE0CDA78CC8708715E54D92AE58EE
                      SHA1:37AC0C94C8BE9D9769C784E719FBE463935FB831
                      SHA-256:C5CA2954765E6C6D0711B2A6A41A24F6A90E93D414AB05273B7DA62DE2169931
                      SHA-512:FDCEDE0F592351D8FD8B8DBE5CFD983EC53304075C9F76ED9EFBB18F2D8FFA9726C853DA9A46387593AB4C1D0EF4511A8B3B52D4BA1E2E7F3D112871B6218BC1
                      Malicious:false
                      Preview:..-.....................Y/. @....=.......A.`..bw..-.....................Y/. @....=.......A.`..bw........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:SQLite Write-Ahead Log, version 3007000
                      Category:dropped
                      Size (bytes):45352
                      Entropy (8bit):0.39411568649919254
                      Encrypted:false
                      SSDEEP:24:KAg6wQ3zRDTUll7DBtDi4kZERD+7zqt8VtbDBtDi4kZERDvL:NjwQ1XUll7DYMq7zO8VFDYMr
                      MD5:AC6C7F83D726C1F4B9C8BA1DB7C14559
                      SHA1:33F3BF577BA1044E180F662C3F76E77BCA7D0122
                      SHA-256:9CFAF1260C7ECF9817F85A3BA603619DFA112B83F020CA6F1A348B501A0E2CB1
                      SHA-512:910DC7D484B5E7E05FAA8107EDBB3658779D7859A089DFDC0BE9DC436A7C2EE46238BF1278ACE29C330EEFA48F7D63F4F7A61ECA955C27D085D7C9FA56BD0D36
                      Malicious:false
                      Preview:7....-...........=......h.A..............=......... ...kSQLite format 3......@ .......................................................................... .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):2684
                      Entropy (8bit):3.9109980996745843
                      Encrypted:false
                      SSDEEP:48:uiTrlKxJxZDxl9Il8u9fhmfxgUZLuHClvDI1wXkwf2dD9nTtaqd/vc:KnY70KUgCVmwXkwf2p9Ba3
                      MD5:509F48BA03D18AB58972950ECD6D9EB1
                      SHA1:27157893594CA26198C720FDE0EA2C5DD335B976
                      SHA-256:07ED8CB533672E76E271A198BE4BBC73904B1C0BA89ED76D9E6B2DF19461854E
                      SHA-512:342B8DF2869DDE078A8FE6F39CD743D68475B1272E1374530CBB326329396DB17C4B91D3EF768652B93A5092C39829D7083E6378AE0DBAE473368AE55B476C43
                      Malicious:false
                      Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.H.X.L.G.R.5.H.j.D.k.3.C.i.F.b.L.a.m.K.N.+.n.c.g.T.0.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".5.y.a.s.Y.p.5.D.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.3.6.1.q.L.w.
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):20971520
                      Entropy (8bit):0.008686008534032784
                      Encrypted:false
                      SSDEEP:384:wFfQUTDLZSq+ASeaupWj1Hq/5f/Sbo0B:wFfQUT3ZH+ASeaupWjU/5f6k0B
                      MD5:7E93C34378CDB3C80B9F49FB8BA2B926
                      SHA1:0C6B4E456CB9CE6FAE9D45233AE60E1F35EC7475
                      SHA-256:EB9158784C548705D4B7862B1C371CE5F23473E1C9A142AA3DEC3AA78BABC86F
                      SHA-512:BD55E81ADB6667DCECC06E202BF677A61BF18C1DF2A06EF48FFE55E41D279C5AC49F4A2FE6CC2335128D652A236D1784463105FA9DE295AF678F8BE645292115
                      Malicious:false
                      Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/22/2024 21:54:02.299.OUTLOOK (0x183C).0x15B8.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.System.GracefulExit.GracefulAppExitDesktop","Flags":33777014402039809,"InternalSequenceNumber":11,"Time":"2024-10-22T21:54:02.299Z","Data.PreviousAppMajor":16,"Data.PreviousAppMinor":0,"Data.PreviousAppBuild":16827,"Data.PreviousAppRevision":20130,"Data.PreviousSessionId":"A0E7FBD9-6ECD-45A2-B202-B6D9165A0F5C","Data.PreviousSessionInitTime":"2024-10-22T21:53:44.303Z","Data.PreviousSessionUninitTime":"2024-10-22T21:53:47.225Z","Data.SessionFlags":2147483652,"Data.InstallMethod":0,"Data.OfficeUILang":1033,"Data.PreviousBuild":"Unknown","Data.EcsETag":"\"\"","Data.ProcessorArchitecture":"x64"}...10/22/2024 21:54:02.408.OUTLOOK (0x183C).0xB9C.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.LoadXmlRules","Flags":33777014401990913,"InternalSequenceNumber":22,
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):20971520
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3::
                      MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                      SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                      SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                      SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):147456
                      Entropy (8bit):4.768853515328381
                      Encrypted:false
                      SSDEEP:768:2566hruUmUdtJ49iVQHpKRv9naSTZyZkjwXP9i2IclL5zAe1dZvYSfnj678WKWYV:W624qRv9naS92Icl9zAe1dZvkRXWlRt
                      MD5:1EF65CA7FFD4DA2B453268E480C51406
                      SHA1:1782B974544C9BDA0C436E2630BD4E339ADCD372
                      SHA-256:0DD2F0AB0EFC76BB8B31730E84792AE203AA7FE94B6D2C05D67BB55E703C3ADA
                      SHA-512:9BDD2EF249854E17D64366F06AD4B7561123B5D657632220B0FC2045E43DDBFBDBB317BA03933F91D2C5B8185B7D4EB9883BB0279E8161502DD4A678EF42411D
                      Malicious:false
                      Preview:............................................................................d.......<....l...$..................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................................l...$..........v.2._.O.U.T.L.O.O.K.:.1.8.3.c.:.3.b.9.b.e.2.1.d.d.6.7.9.4.a.e.5.9.0.1.a.3.c.5.9.6.1.4.c.e.2.b.3...C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.0.2.2.T.1.7.5.4.0.1.0.7.8.3.-.6.2.0.4...e.t.l...........P.P.....<........$..................................................................................................................................................................................................................................................................................................
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):30
                      Entropy (8bit):1.2389205950315936
                      Encrypted:false
                      SSDEEP:3:4Qh1:4
                      MD5:9DEE6F447B2931F25C1DE3F139B879E5
                      SHA1:2216A7EA70266607800C3182B264691F921EC9A8
                      SHA-256:FB9101E9473E158C9102D848245D346F3870015CAEBD894E7BF4CF66D4D4CA01
                      SHA-512:44AB876DC22D153E3E10A22F9CE5A56A42A13B6D42E5F3CA79FCDF80AC03FFFE1EEF194C56B8BFEDE373F5345CEA11609CE5C3F1073D9DF757B598F2789BEC0F
                      Malicious:false
                      Preview:.....D........................
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:Composite Document File V2 Document, Cannot read section info
                      Category:dropped
                      Size (bytes):16384
                      Entropy (8bit):0.6701051837376559
                      Encrypted:false
                      SSDEEP:12:rl3baFzbqLKeTy2MyheC8T23BMyhe+S7wzQP9zNMyhe+S7xMyheC7qMv:rXmnq1Py9617qA
                      MD5:FD722D675550DA0FD4264D6BD17AFFB5
                      SHA1:6CD58FBE97A03762073475117143B676560C5F9D
                      SHA-256:4F8CE8CC859BDA5F11243810EBC3EA72E39CB68F30DB7795513AB6D6C61F7D13
                      SHA-512:3448F1884C14D3294EC12AE3E2DFBD014D389168CB46ACBF0DFCFCF6D513A42C6B78AF0DCAC7EDA95132E771FF067A9C85AD1068777A34BD5C4F4B3F18513C1B
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:Microsoft Outlook email folder (>=2003)
                      Category:dropped
                      Size (bytes):271360
                      Entropy (8bit):2.393599587400271
                      Encrypted:false
                      SSDEEP:1536:I5FfzcyOAeq2ye6bdgYJS0Ip7sI5rPi5MZEs10bmJ3GLfk4W53jEpEHPVQ10BAwR:kBz2ye6ZLSP+4Ehkwkapj
                      MD5:2DF33962329BC85444A964F336669735
                      SHA1:0A76C5CA1C0065193E2501F32F5CC77D224049AD
                      SHA-256:6344C64B4645EDC267AE96240F2DE830BA7C1CC01E7EFABDB5BFA604D9ADF465
                      SHA-512:20D6D40353892101ED66D524963EDA5C9D1CEA59E6590D861760223471CEE67DAB7381CC8E8383313229945F62696D3A2C4324CB0D14A2F888DB3DFB623795D2
                      Malicious:false
                      Preview:!BDN6...SM......\...W8..................b................@...........@...@...................................@...........................................................................$.......D...............................................v..........................................................................................................................................................................................................................................................................................j'b9.a2.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):131072
                      Entropy (8bit):3.547436993893356
                      Encrypted:false
                      SSDEEP:1536:WJS0IpUsI5rKi5MZOs1fgn/NmCG+nSjRW53jEpEHPVQ10BAwr1xxLfIQAQ:u1K+4OaqlOjfpjy9IQ
                      MD5:1AF9B39A48D1ED3A0CFF35BED3389B6E
                      SHA1:66ECA859330E8A8E212070C43E66CB9F56CF0C82
                      SHA-256:E88959F93D2596753B424796CBBEB1DAEF8F491962E44B456A66183D299ED6FC
                      SHA-512:FBC7FF12510369D2B22E03F28E5B4942F454D69D821E167E7F2BF06248E07BADADFC29469FD0BC20229A54F35DEB3DFA7E29206317E13ADF9543AC6519995C2D
                      Malicious:false
                      Preview:....C...P.......<.....G..$....................#.!BDN6...SM......\...W8..................b................@...........@...@...................................@...........................................................................$.......D...............................................v..........................................................................................................................................................................................................................................................................................j'b9.a2...G..$.......B............#.........................................................................................................................................................................................................................................................................................................................................................................................................
                      File type:ASCII text, with very long lines (347), with CRLF line terminators
                      Entropy (8bit):6.12031975726119
                      TrID:
                        File name:8ae7220a-ee65-2f3e-f16a-3109ff4fb7ec.eml
                        File size:14'246 bytes
                        MD5:00ba8131647b7685611ef53288653bb2
                        SHA1:29104882127887336856bfdd82b76dc0c2226d7f
                        SHA256:553e11f5ceee941b9945f61fbf9eea03ff22f60ab5d695da043a872e475a71a1
                        SHA512:4575ba9c91a117ff544e3da7020e93ade086342dfd08ba83310cd32f8a937565ca81875319487a2ed93b91fbd0bbaf7d33c8952027f8af94a258e9a8ada920db
                        SSDEEP:384:bjVPP00ppevzfxBNzM2CoCQKURAMwizie:bjVPP0yYvzfxB2HopRpzx
                        TLSH:F4521AA81DF12835F69166CE4E11FD0B52526C9339B371803D9EB46B0A9F0FF6E1514E
                        File Content Preview:ARC-Seal: i=2; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=pass;.. b=P5FmKRZTgqz/SzhrLjyi06It+mOaNbwuZ6A0FHRJEY+72pL71pE+YWLFvaZn2yflxP8SvZmI4yxQPOwvFrWDdApLZwWz/aXnV+nuKR2KVxT+00tGGzBpQjLyK9d82B0s2rUSVVmeGHK90mtNsPIjRnTrTdtK4KpjukgCCa9KEU7gVxvZ
                        Subject:Missed VM Msg 00:27Secs from Wireless Caller 9757439990 - Ref:de752b5bb73c75c7452254cfd33445c5e4b83532
                        From:info@fpasandiego.org
                        To:mchee@eq3.com
                        Cc:
                        BCC:
                        Date:Tue, 22 Oct 2024 19:57:17 +0000
                        Communications:
                          Attachments:
                            Key Value
                            ARC-Seal i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=wvAn5p6cw6X7r/Z/ZF6xP1m0MUd2gQriAvJyS8AiK4oOnGR9iGzrh1RkF1FvhxlYAfA9nN4yZi/N+s5Nn1KKEUQhqHJcsmEXwZOWCVOoZflH8NhMIdGdmjwjZBtIdM3kbUDafKLvNebYOqXeHKSA6ClGGvcinYKPbDPsJS1NPQSa1LXzSX8BGnj8Jv4Gc4ih7SkxLCqd/J2lYUbXzVW8WidRc9hmE9TKfMNQ9nAJ7hWKrW6M3xaeOBUjPHEewVn9WI6MgZvoCJjZfM7ruImdBgaY5jzMmymnFIRTfk1ZlYfrd5CzmAYS/z6NKrY+SQ/tdCcDEMyphW6l5VYhyHfyRQ==
                            ARC-Message-Signature i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=2RcKd6/vIkV2iLmsH+fojYYNnDFQeeHNNOjcTsxWxoo=; b=DwM2KI3gTLAX3Q6UZtnYCMCxrtMjdUvBUssg+HJamb/rxgCndzy9LzwuSalAfwEW6Yf6GAGP6gGs/Xp8/HzVuEp0gTttedG0CLmM0iD8O4UNOIuglcq+ottN7Vx0a5evq9sfbjZ2LbeSt4L9UNWwdzZuwYci228D/XbrYCfr9/3QGuBi+/e73VqNXjHJLnf5mjsQUhvqAs4T97EL9pUNGOFP/IqesdAmAOuWcAK/nY4x3i+sqTVKHt8ZUXG9fP9Ng+1XnBqUSEHd9g+45fBqHMuNWoqCC5pDli8yGkwKBNOpLoG2cYVS9k3TbQC+ImKyuofT5TBGFOsjUAzYrbksfg==
                            ARC-Authentication-Results i=1; mx.microsoft.com 1; spf=softfail (sender ip is 104.192.2.220) smtp.rcpttodomain=eq3.com smtp.mailfrom=fpasandiego.org; dmarc=fail (p=none sp=none pct=100) action=none header.from=fpasandiego.org; dkim=none (message not signed); arc=none (0)
                            Received from [127.0.0.1] (104.192.2.220) by CO1PEPF000066EC.mail.protection.outlook.com (10.167.249.8) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8093.14 via Frontend Transport; Tue, 22 Oct 2024 19:57:18 +0000
                            Authentication-Results spf=pass (sender IP is 40.107.223.135) smtp.mailfrom=fpasandiego.org; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=fpasandiego.org;compauth=pass reason=100
                            Received-SPF SoftFail (protection.outlook.com: domain of transitioning fpasandiego.org discourages use of 104.192.2.220 as permitted sender)
                            X-MS-Exchange-Authentication-Results spf=softfail (sender IP is 104.192.2.220) smtp.mailfrom=fpasandiego.org; dkim=none (message not signed) header.d=none;dmarc=fail action=none header.from=fpasandiego.org;
                            Content-Type text; name="Play_VoiceMsg_mchee@eq3.com_{RANDOM_NUMBER5}CQDM.html"
                            Content-Transfer-Encoding base64
                            Content-Disposition attachment; filename="Play_VoiceMsg_mchee@eq3.com_{RANDOM_NUMBER5}CQDM.html"
                            From info@fpasandiego.org
                            To mchee@eq3.com
                            Subject Missed VM Msg 00:27Secs from Wireless Caller 9757439990 - Ref:de752b5bb73c75c7452254cfd33445c5e4b83532
                            Message-ID <6ef3c584-cee6-3ba1-ab48-92967cae8688@fpasandiego.org>
                            Date Tue, 22 Oct 2024 19:57:17 +0000
                            MIME-Version 1.0
                            Return-Path info@fpasandiego.org
                            X-EOPAttributedMessage 1
                            X-MS-TrafficTypeDiagnostic CO1PEPF000066EC:EE_|MW4PR14MB7433:EE_|QB1PEPF00004E07:EE_|YQXPR01MB6686:EE_
                            X-MS-Office365-Filtering-Correlation-Id f1efd2bb-2fd4-4eb2-285f-08dcf2d3bd90
                            X-MS-Exchange-SenderADCheck 1
                            X-MS-Exchange-AntiSpam-Relay 0
                            X-Microsoft-Antispam-Untrusted BCL:0;ARA:13230040|34070700014|1800799024|36860700013|376014|13213299012|82310400026|36200700002|2613699012;
                            X-Microsoft-Antispam-Message-Info-Original 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
                            X-Forefront-Antispam-Report-Untrusted CIP:104.192.2.220;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:[127.0.0.1];PTR:ip-104-192-2-220.host.datawagon.net;CAT:NONE;SFS:(13230040)(34070700014)(1800799024)(36860700013)(376014)(13213299012)(82310400026)(36200700002)(2613699012);DIR:OUT;SFP:1102;
                            X-MS-Exchange-Transport-CrossTenantHeadersStamped MW4PR14MB7433
                            X-EOPTenantAttributedMessage 0425bd82-8a87-4218-8340-389a8f65c84f:0
                            X-MS-Exchange-Transport-CrossTenantHeadersStripped QB1PEPF00004E07.CANPRD01.PROD.OUTLOOK.COM
                            X-MS-Exchange-Transport-CrossTenantHeadersPromoted QB1PEPF00004E07.CANPRD01.PROD.OUTLOOK.COM
                            X-MS-PublicTrafficType Email
                            X-MS-Office365-Filtering-Correlation-Id-Prvs 645e918a-2927-4efa-dac7-08dcf2d3bc18
                            X-MS-Exchange-AtpMessageProperties SA|SL
                            X-Forefront-Antispam-Report CIP:40.107.223.135;CTRY:US;LANG:en;SCL:9;SRV:;IPV:NLI;SFV:SPM;H:NAM11-DM6-obe.outbound.protection.outlook.com;PTR:mail-dm6nam11on2135.outbound.protection.outlook.com;CAT:HPHISH;SFS:(13230040)(35042699022)(13213299012)(2092899012)(12012899012)(2613699012)(43540500003);DIR:INB;
                            X-Microsoft-Antispam BCL:0;ARA:13230040|35042699022|13213299012|2092899012|12012899012|2613699012|43540500003;
                            X-Microsoft-Antispam-Message-Info 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

                            Icon Hash:46070c0a8e0c67d6
                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                            Oct 22, 2024 23:54:11.959433079 CEST | 1.1.1.1 | 192.168.2.5 | 0x18b0 | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | - | CNAME (Canonical name) | IN (0x0001) | false
                            Oct 22, 2024 23:54:11.959433079 CEST | 1.1.1.1 | 192.168.2.5 | 0x18b0 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | - | 217.20.57.34 | A (IP address) | IN (0x0001) | false
                            Oct 22, 2024 23:55:16.092078924 CEST | 1.1.1.1 | 192.168.2.5 | 0x1ca1 | No error (0) | bg.microsoft.map.fastly.net | - | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                            Oct 22, 2024 23:55:16.092078924 CEST | 1.1.1.1 | 192.168.2.5 | 0x1ca1 | No error (0) | bg.microsoft.map.fastly.net | - | 199.232.214.172 | A (IP address) | IN (0x0001) | false

                            Target ID:0
                            Start time:17:53:59
                            Start date:22/10/2024
                            Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                            Wow64 process (32bit):true
                            Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\8ae7220a-ee65-2f3e-f16a-3109ff4fb7ec.eml"
                            Imagebase:0x180000
                            File size:34'446'744 bytes
                            MD5 hash:91A5292942864110ED734005B7E005C0
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:false

                            Target ID:2
                            Start time:17:54:05
                            Start date:22/10/2024
                            Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "5665F238-8B64-4173-A045-8BC802E60CB0" "4B797061-BB80-41FC-B318-8225D6BE7667" "6204" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                            Imagebase:0x7ff7337d0000
                            File size:710'048 bytes
                            MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:false

                            No disassembly