Windows Analysis Report
Purolator - Your shipment is on its way _ Votre envoi est en route - PIN_NIC_335008262560.eml

Overview

General Information

Sample name: Purolator - Your shipment is on its way _ Votre envoi est en route - PIN_NIC_335008262560.eml
Analysis ID: 1546707
MD5: 543f12870f7a3c5db739b30e81f7a997
SHA1: 784d94383852bd193e3d1c6d033f1644544ae67b
SHA256: 2653f498a78dd5ac51591b917ffb45b9489f640422a90bce84a81fd080198cac
Infos:

Detection

Score: 22
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

AI detected potential phishing Email
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic

Classification

  • System is w10x64
  • OUTLOOK.EXE (PID: 6356 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Purolator - Your shipment is on its way _ Votre envoi est en route - PIN_NIC_335008262560.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 5184 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "72C3A8EF-1365-4DC2-9C9F-21F13EED8A2D" "3FF48669-EE9F-42A6-B5B2-E0F6BAD34912" "6356" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6356, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-11-01T13:58:00.792652+0100 | 2022930 | 1 | A Network Trojan was detected | 20.12.23.50 | 443 | 192.168.2.8 | 49734 | TCP |
| 2024-11-01T13:58:44.466969+0100 | 2022930 | 1 | A Network Trojan was detected | 20.12.23.50 | 443 | 192.168.2.8 | 64281 | TCP |

Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.12.23.50:443 -> 192.168.2.8:64281
Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.12.23.50:443 -> 192.168.2.8:49734
Source: C8EA34AD-542A-447E-8BCD-2E90D61C1EFB.0.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: C8EA34AD-542A-447E-8BCD-2E90D61C1EFB.0.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: C8EA34AD-542A-447E-8BCD-2E90D61C1EFB.0.drString found in binary or memory: https://pages.store.office.com/review/query
Source: C8EA34AD-542A-447E-8BCD-2E90D61C1EFB.0.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: C8EA34AD-542A-447E-8BCD-2E90D61C1EFB.0.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: C8EA34AD-542A-447E-8BCD-2E90D61C1EFB.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: C8EA34AD-542A-447E-8BCD-2E90D61C1EFB.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: C8EA34AD-542A-447E-8BCD-2E90D61C1EFB.0.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: C8EA34AD-542A-447E-8BCD-2E90D61C1EFB.0.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: C8EA34AD-542A-447E-8BCD-2E90D61C1EFB.0.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: C8EA34AD-542A-447E-8BCD-2E90D61C1EFB.0.drString found in binary or memory: https://powerlift.acompli.net
Source: C8EA34AD-542A-447E-8BCD-2E90D61C1EFB.0.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: C8EA34AD-542A-447E-8BCD-2E90D61C1EFB.0.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: C8EA34AD-542A-447E-8BCD-2E90D61C1EFB.0.drString found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: ~WRS{2569CFA8-3697-4406-AC62-B1FC122F867C}.tmp.0.dr, String found in binary or memory: https://purolator.com/en/tracker?pin=335008262560
Source: ~WRS{2569CFA8-3697-4406-AC62-B1FC122F867C}.tmp.0.dr, String found in binary or memory: https://purolator.com/fr/expedition/faire-le-suivi-dun-envoi?pin=335008262560
Source: ~WRS{2569CFA8-3697-4406-AC62-B1FC122F867C}.tmp.0.dr, String found in binary or memory: https://track.purolator.com/notifications/en/unsubscribe/aeeec071-55fa-4a84-939c-5ec1232d889a.
Source: ~WRS{2569CFA8-3697-4406-AC62-B1FC122F867C}.tmp.0.dr, String found in binary or memory: https://www.purolator.com/assets/img/notification-template/facebook.png
Source: ~WRS{2569CFA8-3697-4406-AC62-B1FC122F867C}.tmp.0.dr, String found in binary or memory: https://www.purolator.com/assets/img/notification-template/linkedin.png
Source: ~WRS{2569CFA8-3697-4406-AC62-B1FC122F867C}.tmp.0.dr, String found in binary or memory: https://www.purolator.com/assets/img/notification-template/logo_desktop.jpg
Source: ~WRS{2569CFA8-3697-4406-AC62-B1FC122F867C}.tmp.0.dr, String found in binary or memory: https://www.purolator.com/assets/img/notification-template/logo_desktop_fr.jpg
Source: ~WRS{2569CFA8-3697-4406-AC62-B1FC122F867C}.tmp.0.dr, String found in binary or memory: https://www.purolator.com/assets/img/notification-template/redbluebar.jpg
Source: ~WRS{2569CFA8-3697-4406-AC62-B1FC122F867C}.tmp.0.dr, String found in binary or memory: https://www.purolator.com/assets/img/notification-template/status_outfordelivery_en.jpg
Source: ~WRS{2569CFA8-3697-4406-AC62-B1FC122F867C}.tmp.0.dr, String found in binary or memory: https://www.purolator.com/assets/img/notification-template/status_outfordelivery_fr.jpg
Source: ~WRS{2569CFA8-3697-4406-AC62-B1FC122F867C}.tmp.0.dr, String found in binary or memory: https://www.purolator.com/assets/img/notification-template/twitter.png
Source: ~WRS{2569CFA8-3697-4406-AC62-B1FC122F867C}.tmp.0.dr, String found in binary or memory: https://www.purolator.com/fr/legal/privacy.page?
Source: ~WRS{2569CFA8-3697-4406-AC62-B1FC122F867C}.tmp.0.dr, String found in binary or memory: https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Fpurolator.com%2F/1/010d0192e7b9ba45-65f33
Source: ~WRS{2569CFA8-3697-4406-AC62-B1FC122F867C}.tmp.0.dr, String found in binary or memory: https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Fpurolator.com%2F/2/010d0192e7b9ba45-65f33
Source: ~WRS{2569CFA8-3697-4406-AC62-B1FC122F867C}.tmp.0.dr, String found in binary or memory: https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Fpurolator.com%2Fen%2Ftracker%3Fpin=335008
Source: ~WRS{2569CFA8-3697-4406-AC62-B1FC122F867C}.tmp.0.dr, String found in binary or memory: https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Fpurolator.com%2Ffr%2Fexpedition%2Ffaire-l
Source: ~WRS{2569CFA8-3697-4406-AC62-B1FC122F867C}.tmp.0.dr, String found in binary or memory: https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Ftrack.purolator.com%2Fnotifications%2Fen%
Source: ~WRS{2569CFA8-3697-4406-AC62-B1FC122F867C}.tmp.0.dr, String found in binary or memory: https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Ftrack.purolator.com%2Fnotifications%2Ffr%
Source: ~WRS{2569CFA8-3697-4406-AC62-B1FC122F867C}.tmp.0.dr, String found in binary or memory: https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Ftwitter.com%2Fpurolatorinc%3Flang=en/1/01
Source: ~WRS{2569CFA8-3697-4406-AC62-B1FC122F867C}.tmp.0.dr, String found in binary or memory: https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Ftwitter.com%2Fpurolatorinc%3Flang=fr/1/01
Source: ~WRS{2569CFA8-3697-4406-AC62-B1FC122F867C}.tmp.0.dr, String found in binary or memory: https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Fwww.linkedin.com%2Fcompany%2Fpurolatorinc
Source: ~WRS{2569CFA8-3697-4406-AC62-B1FC122F867C}.tmp.0.dr, String found in binary or memory: https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Fwww.purolator.com%2Fen%2Fhome.page/1/010d
Source: ~WRS{2569CFA8-3697-4406-AC62-B1FC122F867C}.tmp.0.dr, String found in binary or memory: https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Fwww.purolator.com%2Fen%2Fhome.page/2/010d
Source: ~WRS{2569CFA8-3697-4406-AC62-B1FC122F867C}.tmp.0.dr, String found in binary or memory: https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Fwww.purolator.com%2Fen%2Fship-track%2Ftra
Source: ~WRS{2569CFA8-3697-4406-AC62-B1FC122F867C}.tmp.0.dr, String found in binary or memory: https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Fwww.purolator.com%2Ffr%2Fhome.page/1/010d
Source: ~WRS{2569CFA8-3697-4406-AC62-B1FC122F867C}.tmp.0.dr, String found in binary or memory: https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Fwww.purolator.com%2Ffr%2Flegal%2Fprivacy.
Source: ~WRS{2569CFA8-3697-4406-AC62-B1FC122F867C}.tmp.0.dr, String found in binary or memory: https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Fwww.purolator.com%2Ffr%2Fship-track%2Ftra
Source: classification engine, Classification label: sus22.winEML@3/26@0/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241101T0857530998-6356.etl
Source: unknown, Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Purolator - Your shipment is on its way _ Votre envoi est en route - PIN_NIC_335008262560.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "72C3A8EF-1365-4DC2-9C9F-21F13EED8A2D" "3FF48669-EE9F-42A6-B5B2-E0F6BAD34912" "6356" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Window found: window name: SysTabControl32
Source: Window Recorder, Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Persistence and Installation Behavior

Source: Email, LLM: Detected potential phishing email: All links contain tracking parameters and redirect through 'ytzn6hcf.r.ca-central-1.awstrack.me' instead of direct Purolator domains
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
No Antivirus matches
SourceDetectionScannerLabelLink
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
No contacted IP infos

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1546707
Start date and time: 2024-11-01 13:56:32 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 51s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Purolator - Your shipment is on its way _ Votre envoi est en route - PIN_NIC_335008262560.eml
Detection: SUS
Classification: sus22.winEML@3/26@0/0
Cookbook Comments:
  • Found application associated with file extension: .eml
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 52.109.89.18, 52.109.76.243, 2.19.126.160, 2.19.126.151, 52.113.194.132, 20.42.65.85
  • Excluded domains from analysis (whitelisted): omex.cdn.office.net, slscr.update.microsoft.com, weu-azsc-config.officeapps.live.com, eur.roaming1.live.com.akadns.net, neu-azsc-000.roaming.officeapps.live.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, ocsp.digicert.com, login.live.com, officeclient.microsoft.com, a1864.dscd.akamai.net, ecs.office.com, self-events-data.trafficmanager.net, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, onedscolprdeus05.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, s-0005.s-msedge.net, config.officeapps.live.com, osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com, ecs.office.trafficmanager.net, omex.cdn.office.net.akamaized.net, europe.configsvc1.live.com.akadns.net
  • Not all processes were analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size getting too big, too many NtQueryAttributesFile calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtReadVirtualMemory calls found.
  • VT rate limit hit for: Purolator - Your shipment is on its way _ Votre envoi est en route - PIN_NIC_335008262560.eml

No simulations
No context

Process: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type: data
Category: dropped
Size (bytes): 231348
Entropy (8bit): 4.381600013249187
Encrypted: false
SSDEEP: 3072:thdgfilmKglmiGu27DqoQVrt0FvO8+0dJ2dsvCWjxDE:tLmmi2KY3atWW
MD5: 1B26D5FAAB712BCAF5C8E419FBFE85D7
SHA1: A10403D1EE5D76C491535588D5EEAE08D0A27068
SHA-256: D7E73DD98CE24971F7A7A817E9EAAE834167552E30AD4DFA702424DCDA343CDB
SHA-512: FC68C7AE147A5F0B084F94A4CD2FF9A4B2A5695C6592AD623F26CBD7131E503496B4F65C2976CB9A8034C99AA10B4513EAE0146282F5A81A529C6466667B0FBA
Malicious: false
Reputation: low

Process: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type: ASCII text, with very long lines (65536), with no line terminators
Category: dropped
Size (bytes): 322260
Entropy (8bit): 4.000299760592446
Encrypted: false
SSDEEP: 6144:dztCFLNyoAHq5Rv2SCtUTnRe4N2+A/3oKBL37GZbTSB+pMZIrh:HMLgvKz9CtgRemO3oUHi3SBSMZIl
MD5: CC90D669144261B198DEAD45AA266572
SHA1: EF164048A8BC8BD3A015CF63E78BDAC720071305
SHA-256: 89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
SHA-512: 16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
Malicious: false
Reputation: high, very likely benign file

Process: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type: ASCII text, with no line terminators
Category: modified
Size (bytes): 10
Entropy (8bit): 2.9219280948873623
Encrypted: false
SSDEEP: 3:LHSn:W
MD5: 63228BEC902948A296D60A2FAFEDDA77
SHA1: 10DF327D832BC388B22ED53E6147D700EC0F1F96
SHA-256: B5AE7E29DCC8032E98F4CD9919A4F5225BD0381031A5D1D3E454E91A88A58B35
SHA-512: D541681B94FC29BE29F15DC08A2C292B8C5A6F2B7E3D73AA1B63C0F49D9A028F71CC6B5E7E974B575A5C3BAECEAAD36F1A25CBFF291F9E709C6B921880C59CCB
Malicious: false
Reputation: low
Preview: 1730465885

Process: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type: XML 1.0 document, ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 180288
Entropy (8bit): 5.290995215005902
Encrypted: false
SSDEEP: 1536:Pi2XfRAqFbH41gLEwLe7HW8QM/o/NMOcAZl1p5ihs7EXXOEADpOoagYdGVF8S7CC:9Pe7HW8QM/o/aXbbkx
MD5: 08A9D62CB30B3D4859FBD1B38BE77491
SHA1: DCBEE244925DC5AF36EE9C6048F18EB44D519F32
SHA-256: 5701EDE208A9D2BF257ED7804315162A01E0A12E39456095D39312E2FD6093AF
SHA-512: 2FE34E10EEF13ECCC3C4666B2719D19D5848BA7DCF1F89DFD7666821C99BCB0895B6C085988BE81EBBF4226C0213E567646389775097B4979AB1F1143EDC85C7
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-11-01T12:58:00">.. Build: 16.0.18223.40125-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                        File Type:SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                                                        Category:dropped
                                                        Size (bytes):4096
                                                        Entropy (8bit):0.09216609452072291
                                                        Encrypted:false
                                                        SSDEEP:3:lSWFN3l/klslpF/4llfll:l9F8E0/
                                                        MD5:F138A66469C10D5761C6CBB36F2163C3
                                                        SHA1:EEA136206474280549586923B7A4A3C6D5DB1E25
                                                        SHA-256:C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
                                                        SHA-512:9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9
                                                        Malicious:false
                                                        Reputation:high, very likely benign file
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                        File Type:SQLite Rollback Journal
                                                        Category:dropped
                                                        Size (bytes):4616
                                                        Entropy (8bit):0.13760166725504608
                                                        Encrypted:false
                                                        SSDEEP:3:7FEG2l+tsR9Q/FllkpMRgSWbNFl/sl+ltlslVlllfllS:7+/lfUg9bNFlEs1EP/i
                                                        MD5:F3C35E4998E27E641C361F3CCD2B61B8
                                                        SHA1:68ABBC475586D56B6684CBABE620B5A797AF2017
                                                        SHA-256:EDB5B77424CC4652855334CD3BB52C5A8327DB6F7B26C6062EDE50D32C0D0EEA
                                                        SHA-512:6C4F0DDB0087BD19BE3944AD4981D7F4F54B141AAD7A357BD01A61BD3FC514686EBC90FEF1868C4B45ECA57CCB24256FC19CE37286A0A7730B500616F8B34445
                                                        Malicious:false
                                                        Reputation:low
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):32768
                                                        Entropy (8bit):0.0447824104283491
                                                        Encrypted:false
                                                        SSDEEP:3:G4l2wIIowk6/l4l2wIIowkVElL9//Xlvlll1lllwlvlllglbXdbllAlldl+l:G4l2wPtk6t4l2wPtkiL9XXPH4l942U
                                                        MD5:4A65882961EA2095BCEC25D6099A375B
                                                        SHA1:758C0FC33B6CE91C58C889C86CD20C7AE6696765
                                                        SHA-256:0EEB745D3E8E355AF299878A04DCD5D12F9B25A8BAE787A0729BBD36F804737B
                                                        SHA-512:A41DBDA870EA85D3D4C428D1567897EFFE809B5DB1986B08CC018E983F89C89A610C642FF047932E04187017271EBE11ABF02144E1243C82A60472806D91E9C7
                                                        Malicious:false
                                                        Reputation:low
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                        File Type:SQLite Write-Ahead Log, version 3007000
                                                        Category:dropped
                                                        Size (bytes):45352
                                                        Entropy (8bit):0.39485640456772003
                                                        Encrypted:false
                                                        SSDEEP:24:KLcjWHQ3zRDjGdqaUll7DBtDi4kZERD385zqt8VtbDBtDi4kZERDZkm:NWHQ12rUll7DYMD85zO8VFDYM9km
                                                        MD5:FE79F4BF83F5ECC1641D6BB41A31CC1D
                                                        SHA1:486C444C7719F0E3AB6C0462DE0D224174646AB6
                                                        SHA-256:7B100CCC9340BA0A6CF31E27707E9D339F45B09A170EAF131253D47C81E7BB96
                                                        SHA-512:71C41AC49866BE380966A4833B5E5855B7348A3679B5DC63BECEB3EB767B6F5145E3FF4B94499D19B14601CDFF762AA4357784AB3365CF625B9A9AD92B055753
                                                        Malicious:false
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1024
                                                        Entropy (8bit):0.03351732319703582
                                                        Encrypted:false
                                                        SSDEEP:3:ol3lG:40
                                                        MD5:830FBF83999E052538EAF156AB6ECB17
                                                        SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                        SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                        SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                        Malicious:false
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1024
                                                        Entropy (8bit):0.03351732319703582
                                                        Encrypted:false
                                                        SSDEEP:3:ol3lG:40
                                                        MD5:830FBF83999E052538EAF156AB6ECB17
                                                        SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                        SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                        SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                        Malicious:false
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1024
                                                        Entropy (8bit):0.03351732319703582
                                                        Encrypted:false
                                                        SSDEEP:3:ol3lG:40
                                                        MD5:830FBF83999E052538EAF156AB6ECB17
                                                        SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                        SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                        SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                        Malicious:false
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):54568
                                                        Entropy (8bit):3.979945828018244
                                                        Encrypted:false
                                                        SSDEEP:768:Xxh3xshXh37umhsvhIXhhehsThmRhgAhGhZhfy8XWMBEIMOhQCKV8hD7+7h5vhIa:hQ9Z7IAI7MPLBY7l84udQVv
                                                        MD5:EE5BF8FA970BA62E2EA34AE3FC2411D4
                                                        SHA1:89088D19C50240A9A5B76FC2BCEF1B7C44A595B2
                                                        SHA-256:F931A4825D3B8BC822B1EE29537EF123EF2ACDA8474FA6E5E74DEFB737A36689
                                                        SHA-512:FB2A463C690BAB33DC52940617500DA0159CE4E9E21B35001A3A29CAD40D4AA3C9F0BDB865C4D03874270893795C71BFB8D5CC9452ECB10D14956FFD23286ED4
                                                        Malicious:false
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1024
                                                        Entropy (8bit):0.03351732319703582
                                                        Encrypted:false
                                                        SSDEEP:3:ol3lG:40
                                                        MD5:830FBF83999E052538EAF156AB6ECB17
                                                        SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                        SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                        SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                        Malicious:false
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):20480
                                                        Entropy (8bit):3.589105376043747
                                                        Encrypted:false
                                                        SSDEEP:96:2dfhHJb+wRrXdUa/bzSzhJREu3CUhJRafNwPlXQQ32EL:2dfhxLRRJzGJiu3CFwtX13h
                                                        MD5:3BB4C4564C06D604A957986F5F4A0833
                                                        SHA1:0559A750D466D7BE8D1E17B98913A4295D222018
                                                        SHA-256:4F1CE720B5E5DFF3401A54D18FBC5CCD72F71FFEEE112C3A82340847F7C97A58
                                                        SHA-512:6E83207FB3BB5642CAFC5D2E3E34153229F870F8CBC23E1114CC158B7BC9B4735A87D9F475A8B1B9C2E306D578CBD0DF7BE0A7EB46DB53E9BACE8687352F3393
                                                        Malicious:false
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1024
                                                        Entropy (8bit):0.03351732319703582
                                                        Encrypted:false
                                                        SSDEEP:3:ol3lG:40
                                                        MD5:830FBF83999E052538EAF156AB6ECB17
                                                        SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                        SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                        SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                        Malicious:false
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1024
                                                        Entropy (8bit):0.03351732319703582
                                                        Encrypted:false
                                                        SSDEEP:3:ol3lG:40
                                                        MD5:830FBF83999E052538EAF156AB6ECB17
                                                        SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                        SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                        SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                        Malicious:false
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1024
                                                        Entropy (8bit):0.03351732319703582
                                                        Encrypted:false
                                                        SSDEEP:3:ol3lG:40
                                                        MD5:830FBF83999E052538EAF156AB6ECB17
                                                        SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                        SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                        SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                        Malicious:false
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1024
                                                        Entropy (8bit):0.03351732319703582
                                                        Encrypted:false
                                                        SSDEEP:3:ol3lG:40
                                                        MD5:830FBF83999E052538EAF156AB6ECB17
                                                        SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                        SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                        SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                        Malicious:false
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1024
                                                        Entropy (8bit):0.03351732319703582
                                                        Encrypted:false
                                                        SSDEEP:3:ol3lG:40
                                                        MD5:830FBF83999E052538EAF156AB6ECB17
                                                        SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                        SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                        SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                        Malicious:false
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                        File Type:ASCII text, with very long lines (1981), with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):20971520
                                                        Entropy (8bit):0.008325729705515683
                                                        Encrypted:false
                                                        SSDEEP:384:bOpmB1SclTk7LxkN2jQ4zoLfTepXTAjur/oML9qiE2dB:bWmBQ2TmGUjLoTG0juDdsiEsB
                                                        MD5:BA7B15097DE69255AF28259D80132B0A
                                                        SHA1:228BDDB4D526DC88B5FF7943598C01ABD655592B
                                                        SHA-256:1E51DF672D1BE8CFB9848A071BED0C21CFBC0713689065505407227B7743287D
                                                        SHA-512:2020D9A57F12AFE40233E6D9B80528B3D26DC9A2BA921BE94FD21E1F4C7116AA5E9CDF2204D50AE6C4BCD1241D3410D1906AD44E8D2915823E6FE86F738930C1
                                                        Malicious:false
                                                        Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..11/01/2024 12:57:56.498.OUTLOOK (0x18D4).0x10B8.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.System.GracefulExit.GracefulAppExitDesktop","Flags":33777014402039809,"InternalSequenceNumber":17,"Time":"2024-11-01T12:57:56.498Z","Data.PreviousAppMajor":16,"Data.PreviousAppMinor":0,"Data.PreviousAppBuild":16827,"Data.PreviousAppRevision":20130,"Data.PreviousSessionId":"DB1481E1-DACC-4066-9754-0B227D2FFC7A","Data.PreviousSessionInitTime":"2024-11-01T12:57:25.460Z","Data.PreviousSessionUninitTime":"2024-11-01T12:57:28.445Z","Data.SessionFlags":2147483652,"Data.InstallMethod":0,"Data.OfficeUILang":1033,"Data.PreviousBuild":"Unknown","Data.EcsETag":"\"\"","Data.ProcessorArchitecture":"x64"}...11/01/2024 12:57:56.529.OUTLOOK (0x18D4).0x18E4.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.LoadXmlRules","Flags":33777014401990913,"InternalSequenceNumber":22
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):20971520
                                                        Entropy (8bit):0.0
                                                        Encrypted:false
                                                        SSDEEP:3::
                                                        MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                                        SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                                        SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                                        SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                                        Malicious:false
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):131072
                                                        Entropy (8bit):4.708429746020408
                                                        Encrypted:false
                                                        SSDEEP:768:VGyVuQJPN9rpASa4YfQxHV993JJkVk2Xrv4UhiYpWikZW44Nw1XNb0rr3nYXQQWZ:Vllm4pb93P0fXXw1XNbZXsBL
                                                        MD5:EDD881CC203BD2C6DE6D9424C6966415
                                                        SHA1:2644B9EBA14E5B4B182D66996E9C6EEBD9CB76ED
                                                        SHA-256:C1D1DE2DA5384FEB404AC300ED144FF7A3ECF0BA200E8D7228BD14D78CD8F7DD
                                                        SHA-512:4FE740F70F80F81CD5125600177E3A9E7D475DA269A13715ABDEDD7C0D6050D85991937A80AE357DA977F5C7FF806E4FB5101CDEF46E0CC7411BAD082C54312A
                                                        Malicious:false
                                                        Preview:............................................................................d...........[if.],..................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1........................................................... .ymY...........[if.],..........v.2._.O.U.T.L.O.O.K.:.1.8.d.4.:.f.e.e.2.6.f.4.c.f.c.e.9.4.c.6.e.8.d.1.b.7.0.d.6.5.0.a.b.5.9.4.b...C.:.\.U.s.e.r.s.\.h.u.b.e.r.t.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.1.0.1.T.0.8.5.7.5.3.0.9.9.8.-.6.3.5.6...e.t.l...........P.P.........[if.],..................................................................................................................................................................................................................................................................................................
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):30
                                                        Entropy (8bit):1.2389205950315936
                                                        Encrypted:false
                                                        SSDEEP:3:erzllt:erz
                                                        MD5:C35E75E57EA8F61DB80DED42E9FF9E72
                                                        SHA1:BFA982318676CAC7D9B53950BAF04881243F5E4C
                                                        SHA-256:6CD3FB14A863FD04957E7B750E68E023A816703F0ADF82385309F58AFC6F59BD
                                                        SHA-512:B0D2031E1C8CE7BA9747D649175AB1BB9132B6457A1CADDAC724CFE3E3DEF6D8E8AA3EBF3974973120535233DED24A7CAD42739D6EF1E1FCCB7EB09F6D37A792
                                                        Malicious:false
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                        Category:dropped
                                                        Size (bytes):16384
                                                        Entropy (8bit):0.6707037974255466
                                                        Encrypted:false
                                                        SSDEEP:12:rl3baFGqLKeTy2MyheC8T23BMyhe+S7wzQP9zNMyhe+S7xMyheCXm:rAmnq1Py9612
                                                        MD5:760DD20D861B6568274E7BC8EAED9876
                                                        SHA1:B4CDA24A263E4E1725C3F966C865763A9EBBEFAD
                                                        SHA-256:63D186638901C0A8BC35F1094401003AFA2E9C60349E35CC8E91FF9DEE9E48E8
                                                        SHA-512:AA7666069FA021E3A53B8A7120D29C0085FD1736CE63381103088238DCC56F4428F0F69A0E4E90D1679DD5B5C052EE46244F35FB36E3392C89A22E0B3859255B
                                                        Malicious:true
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                        File Type:Microsoft Outlook email folder (>=2003)
                                                        Category:dropped
                                                        Size (bytes):271360
                                                        Entropy (8bit):4.21987661824547
                                                        Encrypted:false
                                                        SSDEEP:3072:49+jZPxP6WlmZYpRVzPFRpp2JFVa+vRrac435UpjbSpj:40noqp9Rv2JFVaIY
                                                        MD5:D8E82845A391CB8E66B5ABA9C572229A
                                                        SHA1:4A4329EB5F30360B66D60373BD91851E18909DB3
                                                        SHA-256:588CB44D69E181C9EAFF07ACAB2F07722593553EE053D94D03F2328E07B81C64
                                                        SHA-512:57469AC5717596C1C1896590299BE48D0BF9772783D2F81D652A2D75CE489B4C2E5FC1407BEF578F787EDC5DDB52B65495E854D761DE54ECEDE14009A9018A38
                                                        Malicious:true
                                                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):131072
                                                        Entropy (8bit):5.5829481796388505
                                                        Encrypted:false
                                                        SSDEEP:3072:gOq0VVzPFRMp2JFVabpjdtacqZPavRB35I:RVp9RA2JFVabb
                                                        MD5:92A04D56AAE61DCDD859316F27F78DD5
                                                        SHA1:11EB76E32D76095FFD34E70B9657116C92AEC18F
                                                        SHA-256:325196F4CA8AC3AEB9F32BFFDFBDCFC90FF71F7CBD61ECEFE44B44BE09FAD535
                                                        SHA-512:D17E917F4EA7A07EF75A0F12AA576A89E15DDB75B287EBA7871C5CF215B0E1CDD478D7461C7B60D9E453E70520C86A846153531311B49804F483AB2C617D5EE9
                                                        Malicious:true
                                                        File type:RFC 822 mail, ASCII text, with very long lines (337), with CRLF line terminators
                                                        Entropy (8bit):5.921403329174259
                                                        TrID:
                                                        • E-Mail message (Var. 5) (54515/1) 100.00%
                                                        File name:Purolator - Your shipment is on its way _ Votre envoi est en route - PIN_NIC_335008262560.eml
                                                        File size:100'686 bytes
                                                        MD5:543f12870f7a3c5db739b30e81f7a997
                                                        SHA1:784d94383852bd193e3d1c6d033f1644544ae67b
                                                        SHA256:2653f498a78dd5ac51591b917ffb45b9489f640422a90bce84a81fd080198cac
                                                        SHA512:e52d2ef4622d312f9c36979cb74bfe5eaa448f57e0f1bae754afbbbd68a8e50b97cbc51c06f989a48c48628f8523fea41f28e439a6bf527bff37c04ae63da131
                                                        SSDEEP:1536:Tilkm4qs4gQOZF7SLdhpPVh5e4Uso9naw7bWwuSNXg0V+hPNHu7odyK1nObepJ+Y:W4qsFW1eaw3KSRg0KFHnv1FpJV31K8Ia
                                                        TLSH:45A36E91A94337A5F8712D42D80EAC552633E80739F78095293F97C54B3AFDA1CE0BE9
                                                        File Content Preview:Received: from YT3PR01MB9577.CANPRD01.PROD.OUTLOOK.COM (2603:10b6:b01:89::6).. by YT3PR01MB8210.CANPRD01.PROD.OUTLOOK.COM with HTTPS; Fri, 1 Nov 2024.. 12:36:16 +0000..Received: from YTBP288CA0020.CANP288.PROD.OUTLOOK.COM (2603:10b6:b01:14::33).. by YT3PR
                                                        Subject:Purolator - Your shipment is on its way / Votre envoi est en route - PIN/NIC:335008262560
                                                        From:"notificationservice@purolator.com" <notificationservice@purolator.com>
                                                        To:Mathieu Cornellier <mcornellier@regulvar.com>
                                                        Cc:
                                                        BCC:
                                                        Date:Fri, 01 Nov 2024 12:36:01 +0000
                                                        Communications:
                                                        • ATTENTION : Courriel externe - CAUTION:External email Unsubscribe<https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Ftrack.purolator.com%2Fnotifications%2Fen%2Funsubscribe%2Faeeec071-55fa-4a84-939c-5ec1232d889a/1/010d0192e7b9ba45-65f33b73-7575-4013-9225-67309b207c77-000000/Ad10vyNpjnAtQKHWobOOOI_O4tY=183> <https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Fwww.purolator.com%2Fen%2Fhome.page/1/010d0192e7b9ba45-65f33b73-7575-4013-9225-67309b207c77-000000/D7DMDSgGdO15m4dDFb1qtxCLgzI=183> Veuillez faire dfiler l'cran vers le bas pour afficher la version franaise. Your shipment is on its way! Hi, We want to let you know that the shipment(s) was delayed. The issue is now resolved, and were working hard to deliver your shipment(s) as quickly as possible. PIN: 335008262560 Status: On vehicle for delivery Date/Time: November 01, 2024 at 08:31 Tracking Details: https://purolator.com/en/tracker?pin=335008262560<https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Fpurolator.com%2Fen%2Ftracker%3Fpin=335008262560/1/010d0192e7b9ba45-65f33b73-7575-4013-9225-67309b207c77-000000/NadJDgo3wDhI8l2dyA8Eym6zeuQ=183> See our contact information below and just let us know if you have any questions. Thank you for your patience. This email was sent from our automated inbox. Please do not reply. Tracking Status: <https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Fwww.purolator.com%2Fen%2Fship-track%2Ftracking-summary.page/1/010d0192e7b9ba45-65f33b73-7575-4013-9225-67309b207c77-000000/cjP6qYJF0nYMdOTasHnrdRY4Tls=183> <https://www.purolator.com/assets/img/notification-template/redbluebar.jpg> It's not a package. It's a promise. To learn more about Purolator's products and services, please contact us. 
Visit www.purolator.com<https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Fpurolator.com%2F/1/010d0192e7b9ba45-65f33b73-7575-4013-9225-67309b207c77-000000/YtKtPdnUUfoGi2nSKnjHbqgding=183> Call 1 888 SHIP-123<http://ytzn6hcf.r.ca-central-1.awstrack.me/L0/tel:18887447123/1/010d0192e7b9ba45-65f33b73-7575-4013-9225-67309b207c77-000000/farelrFSymkSJACWd0KlOpR6JrQ=183> <https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Fwww.purolator.com%2Fen%2Fhome.page/2/010d0192e7b9ba45-65f33b73-7575-4013-9225-67309b207c77-000000/yJB8H4Ir4oXVc6HmHLSCY75xsKo=183> <https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Fwww.facebook.com%2FPurolatorInc%2F/1/010d0192e7b9ba45-65f33b73-7575-4013-9225-67309b207c77-000000/-ZU6H3VcuvULqAyLSZDg7z7aJ4g=183> <https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Ftwitter.com%2Fpurolatorinc%3Flang=en/1/010d0192e7b9ba45-65f33b73-7575-4013-9225-67309b207c77-000000/syw16iENQpRUabPZ9FmNFUdal-E=183> <https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Fwww.linkedin.com%2Fcompany%2Fpurolatorinc%2F%3ForiginalSubdomain=ca/1/010d0192e7b9ba45-65f33b73-7575-4013-9225-67309b207c77-000000/dXHXCHyYU-r_h-Qz_dmdnmti6pc=183> 2024 Purolator Inc. Privacy Policy: http://www.purolator.com/en/legal/privacy.page<http://ytzn6hcf.r.ca-central-1.awstrack.me/L0/http:%2F%2Fwww.purolator.com%2Fen%2Flegal%2Fprivacy.page/1/010d0192e7b9ba45-65f33b73-7575-4013-9225-67309b207c77-000000/Zpacwr4vWtBWExQ42FZuKTH-tss=183> Your e-mail has been submitted to receive notifications of any changes that impact the delivery of the specific shipment(s) above. 
If you wish to unsubscribe for notifications regarding the shipment(s) above, please click here: https://track.purolator.com/notifications/en/unsubscribe/aeeec071-55fa-4a84-939c-5ec1232d889a<https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Ftrack.purolator.com%2Fnotifications%2Fen%2Funsubscribe%2Faeeec071-55fa-4a84-939c-5ec1232d889a/2/010d0192e7b9ba45-65f33b73-7575-4013-9225-67309b207c77-000000/5PC2Djd9NI5mSn0sSfIPKjmiBMc=183>. This tracking notification has been sent to you by Purolator on behalf of the shipper noted above. Purolator does not validate the authenticity of the e-mail addresses provided by the shipper. Purolator assumes no responsibility for the content of the e-mail message added by the shipper. This e-mail contains proprietary information and may be confidential. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this message is strictly prohibited. If you received this message in error, please delete immediately. Purolator Inc. | 2727 Meadowpine Blvd | Mississauga | ON | L5N 0E1 | 1 888 SHIP-123 | purolator.com Votre envoi est en route! Bonjour, Nous vous avisons que lenvoi ou les envois ont t retards. Le problme est maintenant rgl et nous travaillons fort pour livrer votre envoi ou vos envois aussi rapidement que possible. NIC: 335008262560 tat: Dans un vhicule pour livraison Date/Heure: Novembre 01, 2024 at 08:31 Dtails de suivi: https://purolator.com/fr/expedition/faire-le-suivi-dun-envoi?pin=335008262560<https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Fpurolator.com%2Ffr%2Fexpedition%2Ffaire-le-suivi-dun-envoi%3Fpin=335008262560/1/010d0192e7b9ba45-65f33b73-7575-4013-9225-67309b207c77-000000/DzbiujLEgHqA1k9nvIIhIdHrnnI=183> Si vous avez des questions, veuillez nous contacter aux coordonnes ci-dessous. Merci de votre patience. Le prsent courriel a t envoy de notre bote de rception automatise. Veuillez ne pas rpondre. 
Suivre un envoi : <https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Fwww.purolator.com%2Ffr%2Fship-track%2Ftracking-summary.page%3F/1/010d0192e7b9ba45-65f33b73-7575-4013-9225-67309b207c77-000000/3K40M_rNGlUw90fyx1pOBKiTu68=183> <https://www.purolator.com/assets/img/notification-template/redbluebar.jpg> Ce nest pas un colis. Cest une promesse. Pour en savoir plus sur les produits et services de Purolator, veuillez communiquer avec nous. Visitez le www.purolator.com<https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Fpurolator.com%2F/2/010d0192e7b9ba45-65f33b73-7575-4013-9225-67309b207c77-000000/y-D2scW9OCkCBKcYUVTwSMHapvE=183> Composez le 1 888 SHIP-123<http://ytzn6hcf.r.ca-central-1.awstrack.me/L0/tel:18887447123/2/010d0192e7b9ba45-65f33b73-7575-4013-9225-67309b207c77-000000/VWaZahJw8hUhkdH8EUEbi4uctyo=183> <https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Fwww.purolator.com%2Ffr%2Fhome.page/1/010d0192e7b9ba45-65f33b73-7575-4013-9225-67309b207c77-000000/4fU8tOJbNTiqov-R5WYhoyKpTHU=183> <https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Fwww.facebook.com%2FPurolatorInc%2F/2/010d0192e7b9ba45-65f33b73-7575-4013-9225-67309b207c77-000000/01Qin12At01-SyOHHgjoSf7Fm5U=183> <https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Ftwitter.com%2Fpurolatorinc%3Flang=fr/1/010d0192e7b9ba45-65f33b73-7575-4013-9225-67309b207c77-000000/JfwYqxysQnItlHr_dXUfocZiNFE=183> <https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Fwww.linkedin.com%2Fcompany%2Fpurolatorinc%2F%3ForiginalSubdomain=ca/2/010d0192e7b9ba45-65f33b73-7575-4013-9225-67309b207c77-000000/2JZaaNQYRCGS7dHw8KYPt-f3cqY=183> 2024 Purolator Inc. 
Politique de confidentialit : https://www.purolator.com/fr/legal/privacy.page?<https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Fwww.purolator.com%2Ffr%2Flegal%2Fprivacy.page%3F/1/010d0192e7b9ba45-65f33b73-7575-4013-9225-67309b207c77-000000/QwKYuKUJ4xbWynGH_UlSooYWreo=183> Votre adresse courriel a t configure pour recevoir des avis lis aux changements qui ont une incidence sur la livraison de lenvoi ou des envois ci-dessus. Si vous ne souhaitez plus recevoir davis lis lenvoi ou aux envois ci-dessus, veuillez cliquer ici : https://track.purolator.com/notifications/fr/unsubscribe/aeeec071-55fa-4a84-939c-5ec1232d889a<https://ytzn6hcf.r.ca-central-1.awstrack.me/L0/https:%2F%2Ftrack.purolator.com%2Fnotifications%2Ffr%2Funsubscribe%2Faeeec071-55fa-4a84-939c-5ec1232d889a/1/010d0192e7b9ba45-65f33b73-7575-4013-9225-67309b207c77-000000/-ttT1dWOSPQ2emnWLLHc29mlGFQ=183> Le prsent avis de suivi vous a t envoy par Purolator au nom de lexpditeur susmentionn. Purolator ne valide pas lauthenticit des adresses courriel fournies par lexpditeur. Purolator nassume aucune responsabilit lgard du contenu des adresses courriel fournies par lexpditeur. Le courriel comprend des renseignements exclusifs et il peut tre confidentiel. Si vous ntes pas le destinataire vis du prsent courriel, vous tes avis par la prsente que toute diffusion, distribution ou copie du prsent message est strictement interdite. Si vous avez reu ce message par erreur, veuillez le supprimer immdiatement. Purolator Inc. | 2727 Meadowpine Blvd | Mississauga | ON | L5N 0E1 | 1 888 SHIP-123 | purolator.com <https://ytzn6hcf.r.ca-central-1.awstrack.me/I0/010d0192e7b9ba45-65f33b73-7575-4013-9225-67309b207c77-000000/7l_P5IEOPBrJLRxttvG9IA3lJyQ=183>
                                                        Attachments:
                                                          Key Value
                                                          Received from d209-218.smtp-out.ca-central-1.amazonses.com (23.249.209.218) by mx-gate05-hz11.hornetsecurity.com; Fri, 01 Nov 2024 08:36:11 -0400
                                                          From "notificationservice@purolator.com" <notificationservice@purolator.com>
                                                          To Mathieu Cornellier <mcornellier@regulvar.com>
                                                          Subject Purolator - Your shipment is on its way / Votre envoi est en route - PIN/NIC:335008262560
                                                          Thread-Topic Purolator - Your shipment is on its way / Votre envoi est en route - PIN/NIC:335008262560
                                                          Thread-Index AQHbLFql091G6qh+HEaZKF/uFloyZQ==
                                                          X-MS-Exchange-MessageSentRepresentingType 1
                                                          Date Fri, 01 Nov 2024 12:36:01 +0000
                                                          Message-ID <010d0192e7b9ba45-65f33b73-7575-4013-9225-67309b207c77-000000@ca-central-1.amazonses.com>
                                                          Content-Language fr-CA
                                                          X-MS-Exchange-Organization-AuthSource YT2PEPF000001CF.CANPRD01.PROD.OUTLOOK.COM
                                                          X-MS-Has-Attach
                                                          X-MS-Exchange-Organization-Network-Message-Id 7c1283be-b1a7-4d6f-2de5-08dcfa71c4d6
                                                          X-MS-TNEF-Correlator
                                                          X-MS-Exchange-Organization-RecordReviewCfmType 0
                                                          x-ms-publictraffictype Email
                                                          received-spf Fail (protection.outlook.com: domain of webmail.purolator.com does not designate 209.172.38.68 as permitted sender) receiver=protection.outlook.com; client-ip=209.172.38.68; helo=hsmx01-hz11.hornetsecurity.com;
                                                          authentication-results spf=fail (sender IP is 209.172.38.68) smtp.mailfrom=webmail.purolator.com; dkim=pass (signature was verified) header.d=purolator.com;dmarc=pass action=none header.from=purolator.com;compauth=pass reason=100
                                                          x-ms-office365-filtering-correlation-id 7c1283be-b1a7-4d6f-2de5-08dcfa71c4d6
                                                          x-ms-traffictypediagnostic YT2PEPF000001CF:EE_|YT3PR01MB9577:EE_|YT3PR01MB8210:EE_
                                                          x-forefront-antispam-report CIP:209.172.38.68;CTRY:CA;LANG:fr;SCL:-1;SRV:;IPV:NLI;SFV:NSPM;H:hsmx01-hz11.hornetsecurity.com;PTR:hsmx01-hz11.hornetsecurity.com;CAT:NONE;SFS:(13230040)(12012899012)(2092899012)(4022899009)(3092899012)(5062899012)(13102899012)(4092899012)(13012899012)(32142699015)(1032899013)(3072899012)(69100299015)(8096899003)(2066899003);DIR:INB;
                                                          x-microsoft-antispam BCL:3;ARA:13230040|12012899012|2092899012|4022899009|3092899012|5062899012|13102899012|4092899012|13012899012|32142699015|1032899013|3072899012|69100299015|8096899003|2066899003;
                                                          x-ms-exchange-crosstenant-originalarrivaltime 01 Nov 2024 12:36:12.0074 (UTC)
                                                          x-ms-exchange-crosstenant-fromentityheader Internet
                                                          x-ms-exchange-crosstenant-id 417fb5a3-bdeb-4e46-8a16-fa39afbc7d97
                                                          x-ms-exchange-crosstenant-network-message-id 7c1283be-b1a7-4d6f-2de5-08dcfa71c4d6
                                                          x-ms-exchange-transport-crosstenantheadersstamped YT3PR01MB9577
                                                          x-eopattributedmessage 0
                                                          x-eoptenantattributedmessage 417fb5a3-bdeb-4e46-8a16-fa39afbc7d97:0
                                                          x-ms-exchange-transport-endtoendlatency 00:00:04.7427969
                                                          x-ms-exchange-processed-by-bccfoldering 15.20.8114.015
                                                          x-ms-exchange-crosstenant-authsource YT2PEPF000001CF.CANPRD01.PROD.OUTLOOK.COM
                                                          x-ms-exchange-crosstenant-authas Anonymous
                                                          x-antispameurope-sender 010d0192e7b9ba45-65f33b73-7575-4013-9225-67309b207c77-000000@webmail.purolator.com
                                                          x-antispameurope-recipient mcornellier@regulvar.com
                                                          x-antispameurope-msgid edec237a3bc1c92db0051f678097babc-97d96d412df85a1cfe4349f1e33e4af3
                                                          x-antispameurope-body-digest c716de11032cde612c0ecb4c1ab164c9
                                                          x-antispameurope-virusscan CLEAN
                                                          x-antispameurope-spfresult NONE
                                                          x-antispameurope-orig-ip 23.249.209.218
                                                          x-antispameurope-orig-host d209-218.smtp-out.ca-central-1.amazonses.com
                                                          x-antispameurope-orig 7fff89f4dfde3fe5aae4438433980958
                                                          x-antispameurope-disclaimer This E-Mail was scanned by www.antispameurope.com E-Mailservice on mx-gate05-hz11 with 4Xg0hf1PNvzgYTQ
                                                          x-antispameurope-date 1730464563
                                                          x-antispameurope INCOMING:
                                                          x-antispameurope-connect d209-218.smtp-out.ca-central-1.amazonses.com[23.249.209.218],TLS=1;EMIG=0
                                                          x-antispameurope-wc 16:3972:0:61934:0:1:0:0:0:0:0:1:1:1:1:1:1:2:2:2:0:1:1:0:0:702:0:0:0:1:0:0:0:0::1:1:0:0:0:0:0
                                                          x-antispameurope-spamstatus CLEAN
                                                          x-antispameurope-reason CUSTOMER-WL-notificationservice@purolator.com
                                                          dkim-signature v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=3alvvvbel33b2fx6aci3gonjgwxev6s4; d=amazonses.com; t=1730464561; h=From:To:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID:Date:Feedback-ID; bh=ncxDk/Pxx2uHm60gyt/lrTjlsqSc3hwX4+NppoHir5Y=; b=FIFVB5NrtVB3vCAbH4kvCzNAqkBxBQ3HKhsthJpse55f9QpnjpyxVaVfhkrJ0nF/ zZ8z0/fB8EBJl1ggN/hBl4cdqQXEF+edL/Pe8Bu1j09n4ooaFcnxhOwgvKKuHczjiJj iJMVHiHvYUfaGXOEzVCcugNqELmJ5axm0jiPcSrU=
                                                          X-Microsoft-Antispam-Mailbox-Delivery ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003);
                                                          X-Microsoft-Antispam-Message-Info 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
                                                          Content-Type multipart/alternative; boundary="_000_010d0192e7b9ba4565f33b7375754013922567309b207c77000000c_"
                                                          MIME-Version 1.0

                                                          Icon Hash:46070c0a8e0c67d6
                                                          Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                          Nov 1, 2024 13:58:06.238765955 CET  53  50692  1.1.1.1  192.168.2.8


                                                          Target ID:0
                                                          Start time:08:57:51
                                                          Start date:01/11/2024
                                                          Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Purolator - Your shipment is on its way _ Votre envoi est en route - PIN_NIC_335008262560.eml"
                                                          Imagebase:0xea0000
                                                          File size:34'446'744 bytes
                                                          MD5 hash:91A5292942864110ED734005B7E005C0
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:false

                                                          Target ID:4
                                                          Start time:08:57:57
                                                          Start date:01/11/2024
                                                          Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "72C3A8EF-1365-4DC2-9C9F-21F13EED8A2D" "3FF48669-EE9F-42A6-B5B2-E0F6BAD34912" "6356" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                                                          Imagebase:0x7ff70b7f0000
                                                          File size:710'048 bytes
                                                          MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
                                                          Has elevated privileges:true
                                                          Has administrator privileges:true
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high
                                                          Has exited:false

                                                          No disassembly