
Windows Analysis Report
thanks for your purchase.eml

Overview

General Information

Sample name: thanks for your purchase.eml
Analysis ID: 1556359
MD5: ddc003c6e478dfebcd352c9d2e3ad61e
SHA1: 926a3a5b250df65afa8f99588e1a1f130b486cd4
SHA256: 71c4146938c44d03080e6285e7d8dcf640860880d1d561facacb3dbac2718c3f
Infos:

Detection

Score: 21
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

AI detected potential phishing Email
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification

Classification

  • System is w10x64
  • OUTLOOK.EXE (PID: 5096 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\thanks for your purchase.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 2808 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "E9412BDD-C1B7-4366-8FA1-09A4268C9C2B" "11B70419-A45E-41FF-A8C7-998B26FE8A94" "5096" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 5096, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched


Phishing

Source: Email; Joe Sandbox AI: Detected potential phishing email: Generic Gmail address sending unsolicited purchase confirmation. Suspicious attachment with random filename pattern. Subject and sender don't match any legitimate business pattern.
Source: CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drString found in binary or memory: https://store.office.cn/addinstemplate
Source: CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drString found in binary or memory: https://store.office.de/addinstemplate
Source: CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drString found in binary or memory: https://substrate.office.com
Source: CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drString found in binary or memory: https://tasks.office.com
Source: CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drString found in binary or memory: https://templatesmetadata.office.net/
Source: CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drString found in binary or memory: https://webshell.suite.office.com
Source: CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drString found in binary or memory: https://wus2.contentsync.
Source: CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drString found in binary or memory: https://wus2.pagecontentsync.
Source: CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drString found in binary or memory: https://www.odwebp.svc.ms
Source: CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drString found in binary or memory: https://www.yammer.com
Source: classification engine | Classification label: sus21.winEML@3/13@0/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241115T0421590658-5096.etl
Source: unknown | Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\thanks for your purchase.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "E9412BDD-C1B7-4366-8FA1-09A4268C9C2B" "11B70419-A45E-41FF-A8C7-998B26FE8A94" "5096" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Window found: window name: SysTabControl32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information set: NOOPENFILEERRORBOX (2 occurrences)
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX (2 occurrences)
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information set: NOOPENFILEERRORBOX (50 occurrences)
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: thanks for your purchase.eml | Binary or memory string: UIZ87DnKOwRogAZUkLdQ3IZlpIRxoIQ9SAVxMAUSMIV7hDRs28Ui3D9PPEVmCIdn2MBsksOPZKk3
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 13 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact

A number in front of a technique is the count of behaviour signatures the report maps to that technique; techniques without a number had no matching signature.
No Antivirus matches
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
https://api.diagnosticssdf.office.com | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://login.microsoftonline.com/ | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://shell.suite.office.com:1443 | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://designerapp.azurewebsites.net | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://autodiscover-s.outlook.com/ | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://useraudit.o365auditrealtimeingestion.manage.office.com | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://outlook.office365.com/connectors | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://cdn.entity. | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://api.addins.omex.office.net/appinfo/query | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://clients.config.office.net/user/v1.0/tenantassociationkey | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/ | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://powerlift.acompli.net | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://rpsticket.partnerservices.getmicrosoftkey.com | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://lookup.onenote.com/lookup/geolocation/v1 | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://cortana.ai | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://api.powerbi.com/v1.0/myorg/imports | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://notification.m365.svc.cloud.microsoft/ | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://cloudfiles.onenote.com/upload.aspx | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://entitlement.diagnosticssdf.office.com | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://api.aadrm.com/ | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://ofcrecsvcapi-int.azurewebsites.net/ | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://canary.designerapp. | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://ic3.teams.office.com | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://www.yammer.com | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://api.microsoftstream.com/api/ | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://cr.office.com | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://messagebroker.mobile.m365.svc.cloud.microsoft | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://otelrules.svc.static.microsoft | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://portal.office.com/account/?ref=ClientMeControl | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://clients.config.office.net/c2r/v1.0/DeltaAdvisory | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://edge.skype.com/registrar/prod | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://graph.ppe.windows.net | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://res.getmicrosoftkey.com/api/redemptionevents | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://powerlift-frontdesk.acompli.net | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://tasks.office.com | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://officeci.azurewebsites.net/api/ | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://sr.outlook.office.net/ws/speech/recognize/assistant/work | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://api.scheduler. | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://my.microsoftpersonalcontent.com | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://store.office.cn/addinstemplate | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://api.aadrm.com | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://edge.skype.com/rps | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://outlook.office.com/autosuggest/api/v1/init?cvid= | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://globaldisco.crm.dynamics.com | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://messaging.engagement.office.com/ | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://dev0-api.acompli.net/autodetect | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://www.odwebp.svc.ms | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://api.diagnosticssdf.office.com/v2/feedback | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://api.powerbi.com/v1.0/myorg/groups | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://web.microsoftstream.com/video/ | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://api.addins.store.officeppe.com/addinstemplate | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://graph.windows.net | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://dataservice.o365filtering.com/ | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://officesetup.getmicrosoftkey.com | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://analysis.windows.net/powerbi/api | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://aka.ms/LearnAboutSenderIdentification | thanks for your purchase.eml, ~WRS{72E074B8-8F95-4E4C-971F-B2AED171669C}.tmp.2.dr | false | | high
https://prod-global-autodetect.acompli.net/autodetect | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | | high
https://substrate.office.com | CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.dr | false | |
                                                                                                                                      high
                                                                                                                                      https://outlook.office365.com/autodiscover/autodiscover.jsonCC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                        high
                                                                                                                                        https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-iosCC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                          high
                                                                                                                                          https://consent.config.office.com/consentcheckin/v1.0/consentsCC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                            high
                                                                                                                                            https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechCC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                              high
                                                                                                                                              https://learningtools.onenote.com/learningtoolsapi/v2.0/GetvoicesCC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                                high
                                                                                                                                                https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.jsonCC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://notification.m365.svc.cloud.microsoft/PushNotifications.RegisterCC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                                    high
                                                                                                                                                    https://d.docs.live.netCC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://safelinks.protection.outlook.com/api/GetPolicyCC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                                        high
                                                                                                                                                        https://ncus.contentsync.CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                                          high
                                                                                                                                                          https://onedrive.live.com/about/download/?windows10SyncClientInstalled=falseCC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                                            high
                                                                                                                                                            https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                                              high
                                                                                                                                                              http://weather.service.msn.com/data.aspxCC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://apis.live.net/v5.0/CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://officepyservice.office.net/service.functionalityCC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asksCC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://templatesmetadata.office.net/CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://word.uservoice.com/forums/304948-word-for-ipad-iphone-iosCC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://messaging.lifecycle.office.com/CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://autodiscover-s.outlook.com/autodiscover/autodiscover.xmlCC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://mss.office.comCC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://pushchannel.1drv.msCC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://management.azure.comCC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://outlook.office365.comCC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://wus2.contentsync.CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://incidents.diagnostics.office.comCC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://clients.config.office.net/user/v1.0/iosCC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://make.powerautomate.comCC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://api.addins.omex.office.net/api/addins/searchCC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://insertmedia.bing.office.net/odc/insertmediaCC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://outlook.office365.com/api/v1.0/me/ActivitiesCC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://api.office.netCC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://incidents.diagnosticssdf.office.comCC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://asgsmsproxyapi.azurewebsites.net/CC23F18F-A727-4BDC-AEB7-AA45CD02E8CA.2.drfalse
                                                                                                                                                                                                          high
No contacted IP infos
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1556359
Start date and time: 2024-11-15 10:20:46 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 45s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: thanks for your purchase.eml
Detection: SUS
Classification: sus21.winEML@3/13@0/0
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .eml
• Excluded processes from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 52.109.28.46, 52.113.194.132, 20.189.173.16
• Excluded domains from analysis (whitelisted): ecs.office.com, slscr.update.microsoft.com, prod.configsvc1.live.com.akadns.net, ctldl.windowsupdate.com, s-0005-office.config.skype.com, onedscolprdwus17.westus.cloudapp.azure.com, mobile.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, ecs-office.s-0005.s-msedge.net, ocsp.digicert.com, s-0005.s-msedge.net, config.officeapps.live.com, officeclient.microsoft.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net, mobile.events.data.trafficmanager.net, storeedgefd.dsx.mp.microsoft.com, uks-azsc-config.officeapps.live.com
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• VT rate limit hit for: thanks for your purchase.eml
No simulations
No context
No context
No context
No context
No context
Process: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type: data
Category: dropped
Size (bytes): 231348
Entropy (8bit): 4.391371789771436
Encrypted: false
SSDEEP: 3072:E21gSUbgRmiGu2bqoQwrt0Fvb8ktnYMdj:DYkmi2+iktnYMd
MD5: BAA239C0AE7F9B1527CB73F93657F673
SHA1: 0398E201B03F76D220EF5DF81A6A2F53346AE799
SHA-256: D905C6624E53D4879EC5D0BE1C57A4CBA0DEADA32886E9026FE30AF7B614E268
SHA-512: 47DFF10396166720A0939ADB47D5C8213D136B351E6E9363365CFE71A6ABB260EF5D601C73B1AA0298334EE46F05853B6F113512B5A1B47BF902EECF962764BD
Malicious: false
Reputation: low
Preview: TH02...... .0...?7......SM01X...,...P2s.?7..........IPM.Activity...........h...............h............H..h$....... .@....h........._..H..h\tin ...pDat...hH..0..........h .K............h........_`$k...h..K.@...I.Rw...h....H...8.)k...0....T...............d.........2h...............k..............!h.............. h..-...........#h....8.........$h._......8....."h.k.......l....'h..]...........1h .K.<.........0h....4....)k../h....h.....)kH..h.9..p...$.....-h ............+h..K................. ...... ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..
Process: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type: XML 1.0 document, ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 180288
Entropy (8bit): 5.29100070602855
Encrypted: false
SSDEEP: 1536:+fyi2XfRAqFbH41gLEwLe7HW8QM/o/NMOcAZl1p5ihs7EXXOEADpOoagYdGVF8St:hPe7HW8QM/o/aXbbkx
MD5: 3DE22D4CF9BECD6707BA6DBEEDECBB62
SHA1: 8B29D480FC4CA48E2004962D26E899E93D2CDA90
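The per-file fields in these dropped-file entries (size, 8-bit entropy, MD5/SHA-1/SHA-256/SHA-512, the "Encrypted" flag) are what an analyst recomputes to confirm that a file pulled from the sandbox VM is the same artifact the report describes. The following Python is an added example, not code from Joe Sandbox or from this report; it assumes "Entropy (8bit)" is Shannon entropy over byte values (0 to 8 bits per byte), omits SSDEEP because that needs the external ssdeep library, and uses a constructed sample plus an assumed 7.2-bit triage threshold for flagging likely packed or encrypted content.

```python
"""Recompute Joe Sandbox style dropped-file metadata for an artifact.

Added example; not Joe Sandbox code. Hash digests use Python's hashlib,
entropy is Shannon entropy in bits per byte, and the packed/encrypted
threshold is an assumption for triage, not a value from the report.
"""
import hashlib
import math
import sys
from collections import Counter


def shannon_entropy_8bit(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant file, 8.0 for
    uniformly distributed bytes. This is the 'Entropy (8bit)' field."""
    if not data:
        return 0.0
    total = len(data)
    counts = Counter(data)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def looks_packed_or_encrypted(entropy: float, threshold: float = 7.2) -> bool:
    """Assumed triage heuristic: entropy close to 8 bits/byte is typical of
    compressed, encrypted or packed payloads; plain data and XML sit lower
    (the two entries above are 4.39 and 5.29)."""
    return entropy >= threshold


def file_metadata(data: bytes) -> dict:
    """Return the report-style fields as a dict. Digests are upper-case hex
    to match the report's formatting."""
    entropy = shannon_entropy_8bit(data)
    return {
        "size": len(data),
        "entropy": round(entropy, 6),
        "encrypted": looks_packed_or_encrypted(entropy),
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        "sha512": hashlib.sha512(data).hexdigest().upper(),
    }


def matches_report(data: bytes, expected_sha256: str) -> bool:
    """Check a recovered artifact against the SHA-256 printed in the report;
    comparison is case-insensitive so either formatting works."""
    return hashlib.sha256(data).hexdigest().lower() == expected_sha256.strip().lower()


# Constructed sample standing in for a dropped file; it is not the OLE/MAPI
# stream previewed in the report, just a small byte string for demonstration.
SAMPLE = b"IPM.Activity\x00Journal Entry\x00" * 8


if __name__ == "__main__":
    # Usage: python this_script.py <file> [expected-sha256]
    payload = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for key, value in file_metadata(payload).items():
        print(f"{key}: {value}")
    if len(sys.argv) > 2:
        print("matches report:", matches_report(payload, sys.argv[2]))
```

Running it against a file copied out of the analysis VM and passing the report's SHA-256 as the second argument gives a direct yes/no on whether the copy is intact; the entropy value is the quick signal that a dropped file is plain structured data (as both entries here are) rather than an encrypted or packed payload.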
                                                                                                                                                                                                          SHA-256:F3CFA8B90877E303CD7359E852AF6339DF163E01D3A31ABF52D7B37159A107F3
                                                                                                                                                                                                          SHA-512:933FBE2E49613BE3F1FF4A6E728DC44E52E343F13BC90FA66A31A4E2A2A02A73161D03EBB42C75AB343806C7EE47ABF58315876BAA688F19FE5DA644C76FCE20
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-11-15T09:22:04">.. Build: 16.0.18223.40125-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                          Entropy (8bit):0.04587332210802959
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:GtlxtjlbLWxjXl8Il1lxtjlbLWxjXl2l/jR9//8l1lvlll1lllwlvlllglbelDbj:GtPujXHPujX0/t9X01PH4l942wU
                                                                                                                                                                                                          MD5:A70A087EDDD41325D1F6E297C666F570
                                                                                                                                                                                                          SHA1:E5F66EE309A304E80F458B569166C1ACD301B422
                                                                                                                                                                                                          SHA-256:D69CAB6BB38A03D84D6BADDDC4066424C85736C80819DA5112AB8BAA40B3C2AC
                                                                                                                                                                                                          SHA-512:351481879B3E39BE14B3AF56CE53D554688902F8A89B7433E65EA0C5F981B9F203BEAE3015A1D2A39676AF17832C10EA8D8F4D239C28023D7A73FEE33C40575C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Preview:..-.......................n....4......~3..QLU#..-.......................n....4......~3..QLU#........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                          File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):49472
                                                                                                                                                                                                          Entropy (8bit):0.4849470988582968
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:a0Q1OGUll7DYMezO8VFDYMNpJ8BO8VFDYML:eYhll4pjVGGIjVGC
                                                                                                                                                                                                          MD5:0A7502E3112A6F763B96395A9D6A516D
                                                                                                                                                                                                          SHA1:8401433726DC67FA681895370F47310CE2819AF9
                                                                                                                                                                                                          SHA-256:C24E943D6D1A401AC441B1FF26ADA0E58608D23EF8B65456890CAB0129ED7079
                                                                                                                                                                                                          SHA-512:C19C7EAE9FB7B8F503626516648B542A41023C154F25A66AE7EE7E1F14FADBE0655CEA4AD529EDD087CF80A9746D5B902E3FAA1CB2D942EB58188F916B4120A2
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Preview:7....-.................|..F.z^...............'.*4...SQLite format 3......@ .......................................................................... .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                          File Type:GIF image data, version 89a, 614 x 870
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):67239
                                                                                                                                                                                                          Entropy (8bit):7.9022470551345165
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:ouFzyesv6YFG1REXIxZ57M3xEQ/9vJ1OS66:dFzyipE4xHw3xEQlvJ1OS66
                                                                                                                                                                                                          MD5:BE3A6B8C2BA0C9BDBB3665E6821409E5
                                                                                                                                                                                                          SHA1:7E171DC9A39E0F7A5058BD411BA313C5BBA180E6
                                                                                                                                                                                                          SHA-256:5EE90AFD74825EC301E0BE1B6A307229405A4F9AA4A9106EB62D5D61DEFC7997
                                                                                                                                                                                                          SHA-512:338789EAEE0DF23F605F5437D6286A6A0853DF4FEEDB4B6AD7F742BB36B955D5C00CF309215A277C6C82A2723CAA5528C3BB4D5233C8C2720A54484081E588FE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Preview:GIF89af.f....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................q..f..f..V..P..:..3..7..,..5........................................................................................%.."..0......................................................................................{|}xxxswzrrrppploqjjjQq.eee^ch\_aYYYRX^PPP=Rr>EQ<==111.3..-.%%%.%r......,....f.f.@.../..H......*\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.*]...P.J.J...X.j.....6b\.a.+.#.c.m`.."E......Ev.-.V...bm....0..b....q.#*......t.....og.6....r.E.~...re.d..E=vp..
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1604
                                                                                                                                                                                                          Entropy (8bit):1.2157668282923075
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6:t+RCNl8a+5MVkA8BmulweWOQd9AKY2EAhkly/n8irwl2JJlXMvOwWlqH4/rH:tXz+5ukDBmubtL2Vkl5ikleJlXUIH
                                                                                                                                                                                                          MD5:1EB5259472AA3BF4D57C8A74498865BF
                                                                                                                                                                                                          SHA1:30D2615289A4442265F32D7ED1462F0770BD73BB
                                                                                                                                                                                                          SHA-256:98A60B28426B433E26B1412860C06653F0E00A851C6A33F8D7527BE8D0CE8CDA
                                                                                                                                                                                                          SHA-512:74613DBAFEB13F1B17C2B1921BD6DA841FFB1D1EA634BBBAC600D075531318412F3E51B3B97B0CAACE77736ACE8C1EE025A24E896B84A8B6B6FB1F01AC5A3C11
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Preview:......Y.o.u. .d.o.n.'.t. .o.f.t.e.n. .g.e.t. .e.m.a.i.l. .f.r.o.m. .s.h.e.h.z.a.d.a.h.a.s.s.a.n.4.1.7.@.g.m.a.i.l...c.o.m... .H.Y.P.E.R.L.I.N.K. .".h.t.t.p.s.:././.a.k.a...m.s./.L.e.a.r.n.A.b.o.u.t.S.e.n.d.e.r.I.d.e.n.t.i.f.i.c.a.t.i.o.n.".........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                          File Type:ASCII text, with very long lines (28774), with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):20971520
                                                                                                                                                                                                          Entropy (8bit):0.1608147568429239
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:17ffVf8vfa5fEP4SsW5TtadjwFh7ms14L2eye21W19dQWULVwrpCDA5WhKQoXZga:ZNSaQy6bLPB8MG4JRVcBXca1
                                                                                                                                                                                                          MD5:EC3D9B4AE39824EA376E1D058E479142
                                                                                                                                                                                                          SHA1:AD1B5D4106A0EBD330C651D22D30F468C0921C9F
                                                                                                                                                                                                          SHA-256:400F46AFE5811AFBB872F8D8F88EE99C9C8FDB2FD7FB1D2F3A957D8C3207CBEB
                                                                                                                                                                                                          SHA-512:0AB6FFBECDCEDC24A0A99E1BF9B9AC389DB056504D1425ED9E057CC678E2AB3B8FDB58B6B41AA1044B0645CF16E413E77B513414CAA12DB41F1380B3A1F4F8A0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..11/15/2024 09:22:00.283.OUTLOOK (0x13E8).0x8AC.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":22,"Time":"2024-11-15T09:22:00.283Z","Contract":"Office.System.Activity","Activity.CV":"U0SWv07nFEGHcLx7/oD5PQ.4.9","Activity.Duration":16,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...11/15/2024 09:22:00.299.OUTLOOK (0x13E8).0x8AC.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":24,"Time":"2024-11-15T09:22:00.299Z","Contract":"Office.System.Activity","Activity.CV":"U0SWv07nFEGHcLx7/oD5PQ.4.10","Activity.Duration":19583,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorVer
                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):20971520
                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3::
                                                                                                                                                                                                          MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                                                                                                                                                                                          SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                                                                                                                                                                                          SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                                                                                                                                                                                          SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:ASCII text, with CRLF line terminators
Category:modified
Size (bytes):303
Entropy (8bit):4.898308743306745
Encrypted:false
SSDEEP:6:fMJEIJEOq4/AiJEEuA+UOCXO5Ws/QxemJp165EhUOCHHV5pyts7n:kTvScv1mZ/Qdw1nDpyCn
MD5:9FCE46DFA8D33166A2AC4D48BF128AF4
SHA1:D981C19BEB120A0CF99D3791537592C151E63730
SHA-256:BB99150D95086B7D96B4ABE443A1E12E522DFA6296A8EAC027DD8A10ED72027F
SHA-512:462AE3CB44951C822C72CF9DD3C16C81822C9C5231ABCBBE1EDC69FB3DBA44CFAEA898B471EE56EB8DFD7F907886B2DFC613BE7CE754BC2D1E794447E123C3AB
Malicious:false
Preview:IsDiagnosticsFlightOn:0..IsChatFlightOn:0..IsEntitlementByActiveIdentityFlightOn:0..IsChatEnabled:0..IsDisableSupportDiagnosticsGpoOn:255..IsEntitled:255..FIsConsumer:255..FIsSovereign:255..FIsITAR:255..IsTroubleshooterFlightOn:0..IsDisableSupportTicketCreationInOutlookGpoOn:255..UpdatedByFlighting:0..
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):110592
Entropy (8bit):4.5126317908341775
Encrypted:false
SSDEEP:768:HJCJy/kjp7Pdxa4KW7m/lhQ7pslQOq99RjKxWRWgT8XahXWfWqCZ+MRrYn6k8SQp:h4/Oq99Reo8XIeQ
MD5:167BDE87953CA43D79F0E9F6D04F2719
SHA1:CBB27CE1FDEE600F9379A362766E3D681403C086
SHA-256:1D7795A6FE1466A3EC02EA121F38C47118B0CE8BF70D901E423D0431E2BADE57
SHA-512:292BEC885AC1F87735873D6715A013D38D6ADB9C4DB4276702200C6AE7801D8F7DD3E59EF3DA5D5977D35047457015D57DFD40732F8C047BCACC07C148B6A76A
Malicious:false
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):30
Entropy (8bit):1.2389205950315936
Encrypted:false
SSDEEP:3:O0zX:O0z
MD5:8054A67F47B5869040871835953D065C
SHA1:377E800511276C50943658564780CBA85AC1641C
SHA-256:C4617D0A2A2D7DCDC0A968564876168BE1CA92FB8647D53FDEF2838F23C02D97
SHA-512:96E9ED7668F728713233EB5B65ADEFADBCF87A5E20FF13AE2285B34285227EE5E5564AB09EE5DDB9827E0DA6009EBBAE3F81391EAD2E6171A745446235DEBB8E
Malicious:false
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:Microsoft Outlook email folder (>=2003)
Category:dropped
Size (bytes):271360
Entropy (8bit):4.903540776131559
Encrypted:false
SSDEEP:6144:wq1ZPKgQXSBX4Dswn3L6rJCEkNCEkrCEkaCEk/CEkUCEkoXCEkhY5z:LPKrPwnJCEkNCEkrCEkaCEk/CEkUCEkr
MD5:60C927B3F0477CD46379D0F8344434B4
SHA1:05DF0CA43FBBEC8542C298EC9E65E52492CBD8FA
SHA-256:F3781C1D3DAE0BBCF41D835CE8C046DB573242FB7785B9566A237E1FA8E52F8A
SHA-512:9EC37C2153B6A3B53A4677BB9212CDDDD296693ABA3E6A5C3F91EF66EB95FB1B088298E2A38BE99A12EE8665586BCADB0186386E5A1FEE5F99BF25230F979CB5
Malicious:true
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):262144
Entropy (8bit):4.46497728394013
Encrypted:false
SSDEEP:6144:7oXCEkNCEkrCEkaCEk/CEkoCEkoXCEkq/Z/KT0/SBP4DswnoQvGf:EXCEkNCEkrCEkaCEk/CEkoCEkoXCEkeG
MD5:8C2931527C6DB539BDF84F254CE5E5D5
SHA1:76B0332B870B63171575DDA8579BE66895110157
SHA-256:04535534554FAE73D59AC0652BB2910237E6054702CDD2788284ED7EDCE0DCB0
SHA-512:4EAA7653325B68004FE02A5673424535D43BACB54BF9E8450740CC0CF64FD314FE70946C81594BA4472139FCA0179B4BC1ED90CDF137CB7FEE343D729870CA69
Malicious:true
File type:RFC 822 mail, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy (8bit):6.096459666612539
TrID:
• Text - UTF-8 encoded (3003/1) 100.00%
File name:thanks for your purchase.eml
File size:114'668 bytes
MD5:ddc003c6e478dfebcd352c9d2e3ad61e
SHA1:926a3a5b250df65afa8f99588e1a1f130b486cd4
SHA256:71c4146938c44d03080e6285e7d8dcf640860880d1d561facacb3dbac2718c3f
SHA512:48d90ca9f640b6e1f12c8587823be0e2deb8615ec8c898df266720ee154a99b71d92a93231e21b6bab1b89bfb4ca79fc3468869b04aa317aa31d553b2d388f0a
SSDEEP:3072:t99OFKPkxHnZVIx7wuUZqpsBX7TVS+gSPGNW:t9cFFxHnZs8uUZmIXlShSPF
TLSH:C4B38B23E7C04965CD6B492528073B3D7BBD94DB8FA20D30A69EBB3E074DCE38A95544
File Content Preview:...Received: from SA1PR09MB10476.namprd09.prod.outlook.com (2603:10b6:806:364::9).. by PH0PR09MB11424.namprd09.prod.outlook.com with HTTPS; Mon, 28 Oct 2024.. 12:49:08 +0000..Received: from CY5PR09CA0027.namprd09.prod.outlook.com (2603:10b6:930:1::29).. b
Subject:thanks for your purchase
From:shehzadahassan417@gmail.com
To:lynn.pierce@mymanatee.org
Cc:
BCC:
Date:Mon, 28 Oct 2024 08:49:04 -0400
Communications:
• You don't often get email from shehzadahassan417@gmail.com. Learn why this is important<https://aka.ms/LearnAboutSenderIdentification> CAUTION:This email originated from an external source. Be suspicious of Attachments, Links and Request for Login Information and utilize the REPORT MESSAGE Button in Outlook if you feel this is a Phishing email. [cid:f74373d6]
Attachments:
• filsjXFZCd7.gif
Key Value
Received: from 72330940865 named unknown by gmailapi.google.com with HTTPREST; Mon, 28 Oct 2024 08:49:04 -0400
Authentication-Results: spf=pass (sender IP is 209.85.167.179) smtp.mailfrom=gmail.com; dkim=pass (signature was verified) header.d=gmail.com;dmarc=pass action=none header.from=gmail.com;compauth=pass reason=100
Received-SPF: Pass (protection.outlook.com: domain of gmail.com designates 209.85.167.179 as permitted sender) receiver=protection.outlook.com; client-ip=209.85.167.179; helo=mail-oi1-f179.google.com; pr=C
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1730119745; x=1730724545; darn=mymanatee.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=lUDbw1rRrApx0MN+hsBtUFI158s7ldFzAlC29cphdJc=; b=TJjLP2er+osfpfUENOiRa4QmoZ5XzC1/VerY6e3D7g9ysjIqWilXyFo48/2turwF0/ HJMK+YtO3/aYaNR+TEwc2ifQC6EEDmut8HouLMZebQbiHT/FE38bFhA5mCdjbzonNwsp yfVy988g8L/v9O/Zm8W104S/D850XwfCL+lpN/SJBX4CxeBW9OHyYoZ6M/hKvUBvubx5 GRWi8YvhARqjwU8i96Q6ZLKi+qPUq5+YKBUfcu96qUmrHmORiGtweXo0QtnXMq0LINH+ k940r0WvV2cc/iZyRhp3FtgmxRuohL5Z1vgFCKOzHlbkci3c7LgmdxTtknw56RykYnVa oVBA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730119745; x=1730724545; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=lUDbw1rRrApx0MN+hsBtUFI158s7ldFzAlC29cphdJc=; b=Dv1I1XHluvL5SGK0p/3jJAwysy3q6tDNbz/7tAi9/kqiqkA6IY34NsaELhfdn0qtiU h6deUtRS2coZ1ZxvKmx7dhyOgPUsMCXWYyxaZDWsG2YDpZs4qcudhTkqvOSFlzcYxkef TEqxXd7P4RLoTIBujuo9vpzDg9WYM1+f7/fhozLqQE+TuqJaNTcXXbYIiBHqsx9Fwm6Q XvIKGmUd8Y82PcwVo0CZHXbdOy/bQ8oeTyPE70DuViFpjolj9TAnLkJl3yjgHJRksq0G CKmkCfHQ6Tlswx1fz8KQ1afSeN9oYVE45uSCTYxJXFmajRl3SPjkSXLb+op8Xk1Y7GG+ eMsQ==
X-Gm-Message-State: AOJu0Yx7Ma5zV5XVZ+OzCIXlFKlsphxbkO9isuCw/vR9E5KXdc0ZZ5PX rnHukuxCTEF3loGYc7WD8KLQb5EYZZ8jphonP9C0u2hCwGMwCLkYfIDAwilHaO0/saOtVqdQrvV PDp9mepHoMecRnije1o13RaGUMWgOarobljM=
X-Google-Smtp-Source: AGHT+IGF7QsNkC+9nfGepwdRo867+EQpLJmnDPb52mPIquIF/47EbhhPIIVHyiPdJDc3EvmJtjmU1mSQt5ZXOVCp6Ik=
X-Received: by 2002:a05:6808:2383:b0:3e5:e72e:17c8 with SMTP id 5614622812f47-3e63845af51mr5821851b6e.21.1730119745345; Mon, 28 Oct 2024 05:49:05 -0700 (PDT)
From: shehzadahassan417@gmail.com
Date: Mon, 28 Oct 2024 08:49:04 -0400
Message-ID: <CAN9nebn1P3Jeaf09YybmMxWxQreHKKWZ0KPmNc7z2ra-AZ3sTg@mail.gmail.com>
Subject: thanks for your purchase
To: lynn.pierce@mymanatee.org
Content-Type: multipart/related; boundary="000000000000d738c4062588e438"
Return-Path: shehzadahassan417@gmail.com
X-MS-Exchange-Organization-ExpirationStartTime: 28 Oct 2024 12:49:05.8998 (UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id: 4327e016-29d6-43b1-064a-08dcf74ee871
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: cbf18587-7422-40f2-a8f2-eaa3a4ea4240:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: SA2PEPF00002250:EE_|SA1PR09MB10476:EE_|PH0PR09MB11424:EE_
X-MS-Exchange-Organization-AuthSource: SA2PEPF00002250.namprd09.prod.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Office365-Filtering-Correlation-Id: 4327e016-29d6-43b1-064a-08dcf74ee871
X-MS-Exchange-AtpMessageProperties: SA|SL
X-MS-Exchange-Organization-SCL: 1
X-Microsoft-Antispam: BCL:0;ARA:13230040|43022699015|5073199012|7093399012|4073199012|8096899003|4076899003;
X-Forefront-Antispam-Report: CIP:209.85.167.179;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mail-oi1-f179.google.com;PTR:mail-oi1-f179.google.com;CAT:NONE;SFTY:9.25;SFS:(13230040)(43022699015)(5073199012)(7093399012)(4073199012)(8096899003)(4076899003);DIR:INB;SFTY:9.25;
                                                                                                                                                                                                          X-MS-Exchange-CrossTenant-OriginalArrivalTime28 Oct 2024 12:49:05.8998 (UTC)
                                                                                                                                                                                                          X-MS-Exchange-CrossTenant-Network-Message-Id4327e016-29d6-43b1-064a-08dcf74ee871
                                                                                                                                                                                                          X-MS-Exchange-CrossTenant-Idcbf18587-7422-40f2-a8f2-eaa3a4ea4240
                                                                                                                                                                                                          X-MS-Exchange-CrossTenant-AuthSourceSA2PEPF00002250.namprd09.prod.outlook.com
                                                                                                                                                                                                          X-MS-Exchange-CrossTenant-AuthAsAnonymous
                                                                                                                                                                                                          X-MS-Exchange-CrossTenant-FromEntityHeaderInternet
                                                                                                                                                                                                          X-MS-Exchange-Transport-CrossTenantHeadersStampedSA1PR09MB10476
                                                                                                                                                                                                          X-MS-Exchange-Transport-EndToEndLatency00:00:02.2161178
                                                                                                                                                                                                          X-MS-Exchange-Processed-By-BccFoldering15.20.8093.023
                                                                                                                                                                                                          X-Microsoft-Antispam-Mailbox-Delivery ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420198);
MIME-Version: 1.0

Icon Hash: 46070c0a8e0c67d6
No network behavior found

Target ID: 2
Start time: 04:21:58
Start date: 15/11/2024
Path: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Wow64 process (32bit): true
Commandline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\thanks for your purchase.eml"
Imagebase: 0x390000
File size: 34'446'744 bytes
MD5 hash: 91A5292942864110ED734005B7E005C0
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: false

Target ID: 5
Start time: 04:22:04
Start date: 15/11/2024
Path: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "E9412BDD-C1B7-4366-8FA1-09A4268C9C2B" "11B70419-A45E-41FF-A8C7-998B26FE8A94" "5096" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Imagebase: 0x7ff769220000
File size: 710'048 bytes
MD5 hash: EC652BEDD90E089D9406AFED89A8A8BD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: false

No disassembly