
Windows Analysis Report
PaperCut MF Notificaci#U00f3n - t#U00f3ner bajo (Grupo_ Todas las Impresoras_Dispositivos).msg

Overview

General Information

Sample name:PaperCut MF Notificaci#U00f3n - t#U00f3ner bajo (Grupo_ Todas las Impresoras_Dispositivos).msg
renamed because original name is a hash value
Original sample name:PaperCut MF Notificacin - tner bajo (Grupo_ Todas las Impresoras_Dispositivos).msg
Analysis ID:1560844
MD5:ed94902bb1cab55edffa5b9719cf7ac1
SHA1:e27b3204aefa216423898df10883def43a86b839
SHA256:262e13ac8077cbad367e8442a9188d01f65426d906c1b74350f2886f68dba8a2

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification

Classification

  • System is w10x64
  • OUTLOOK.EXE (PID: 7884 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\PaperCut MF Notificaci#U00f3n - t#U00f3ner bajo (Grupo_ Todas las Impresoras_Dispositivos).msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 7428 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "5A413743-0588-4A66-81F0-B3D898E2A680" "6096013B-80A2-491E-9E96-CE452FC5D5D9" "7884" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7884, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched

There are no malicious signatures.

Source: 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drString found in binary or memory: https://store.office.cn/addinstemplate
Source: 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drString found in binary or memory: https://store.office.de/addinstemplate
Source: 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drString found in binary or memory: https://substrate.office.com
Source: 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drString found in binary or memory: https://syncservice.o365syncservice.com/"
Source: 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drString found in binary or memory: https://templatesmetadata.office.net/
Source: 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drString found in binary or memory: https://webshell.suite.office.com
Source: 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drString found in binary or memory: https://wus2.contentsync.
Source: 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drString found in binary or memory: https://wus2.pagecontentsync.
Source: 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drString found in binary or memory: https://www.odwebp.svc.ms
Source: 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drString found in binary or memory: https://www.yammer.com
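Every URL in this block was read from 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr, a file dropped during the run (Joe Sandbox's .dr suffix), not from the .msg body, and the hosts are the service endpoints Office clients carry internally (office.com, acompli.net, live.com, the UserVoice feedback forums and so on). They are Outlook background noise, not indicators contributed by the sample, which is consistent with the score of 1. The following is an added example of how to separate that noise from URLs that are actually attributable to a sample when triaging a report of this kind; it is written for this page and is not Joe Sandbox's or Microsoft's code. The allowlist of first-party domain suffixes, the sample.msg source and the update.example.invalid host are constructed assumptions, and the parser accepts both the fused "0.drString found" form the extraction produced and the separated form.

```python
"""Triage the 'String found in binary or memory' URL findings of a Joe Sandbox
report: attribute each URL to the artifact it was read from and separate
first-party Office/Microsoft endpoints from anything that deserves a look.

Added example for this page, not part of Joe Sandbox or the report.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: five findings copied in the shape the report uses
# (the first in the raw fused form the extraction produced, the rest with a
# separator) plus one invented finding attributed to the .msg itself with a
# non-Microsoft host so the classifier has something to flag.
SAMPLE_LINES = """\
Source: 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | String found in binary or memory: https://syncservice.o365syncservice.com/"
Source: 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | String found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | String found in binary or memory: https://wus2.contentsync.
Source: 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | String found in binary or memory: https://shell.suite.office.com:1443
Source: sample.msg | String found in binary or memory: https://update.example.invalid/toner/login.php
"""

# The lazy \S+? stops at the shortest source that lets the literal column
# label match, so "...0.drString found..." and "...0.dr | String found..."
# both parse.
LINE_RE = re.compile(
    r"^Source:\s*(?P<source>\S+?)\s*\|?\s*String found in binary or memory:\s*(?P<rest>.+)$"
)

# Assumed allowlist of Microsoft first-party domain suffixes; not from the
# report. Tune it to what your tenant's Office clients are expected to reach.
FIRST_PARTY_SUFFIXES = (
    "office.com", "office.net", "office365.com", "officeppe.com", "office.cn",
    "microsoft.com", "microsoftonline.com", "cloud.microsoft", "static.microsoft",
    "windows.net", "live.com", "live.net", "outlook.com", "o365syncservice.com",
    "acompli.net", "onenote.com", "yammer.com", "1drv.ms", "svc.ms",
)


def parse_lines(text):
    """Return (source, url) pairs. A field carrying several ';'-joined URLs
    (Office stores endpoint lists that way) yields one pair per URL;
    surrounding quotes and non-URL fragments are dropped."""
    pairs = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        for frag in m.group("rest").split(";"):
            frag = frag.strip().strip('"\'')
            if frag.startswith(("http://", "https://")):
                pairs.append((m.group("source"), frag))
    return pairs


def classify(url):
    """'truncated' for strings cut mid-host (trailing dot or no dot at all),
    'first-party' for hosts under an allowlisted suffix, else 'review'."""
    host = urlsplit(url).hostname or ""
    if not host or host.endswith(".") or "." not in host:
        return "truncated"
    if any(host == s or host.endswith("." + s) for s in FIRST_PARTY_SUFFIXES):
        return "first-party"
    return "review"


def triage(text):
    """Group URLs by the artifact they were read from, then by category."""
    grouped = defaultdict(lambda: defaultdict(list))
    for source, url in parse_lines(text):
        grouped[source][classify(url)].append(url)
    return {src: dict(cats) for src, cats in grouped.items()}


if __name__ == "__main__":
    for src, cats in triage(SAMPLE_LINES).items():
        print(f"{src}:")
        for cat in ("review", "truncated", "first-party"):
            for url in cats.get(cat, []):
                print(f"  [{cat}] {url}")
```

Run against the real report, the only entries that matter are those in the review bucket and, more importantly, those whose source is the sample itself rather than a dropped Outlook artifact; truncated strings such as https://wus2.contentsync. are kept visible rather than silently matched, since a cut-off host cannot be allowlisted.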
Source: classification engine | Classification label: clean1.winMSG@3/11@0/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\user~1\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241122T0601380126-7884.etl
Source: unknown | Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\PaperCut MF Notificaci#U00f3n - t#U00f3ner bajo (Grupo_ Todas las Impresoras_Dispositivos).msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "5A413743-0588-4A66-81F0-B3D898E2A680" "6096013B-80A2-491E-9E96-CE452FC5D5D9" "7884" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Window found: window name: SysTabControl32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information set: NOOPENFILEERRORBOX (54 identical entries in the report)
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX (2 identical entries in the report)
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
MITRE ATT&CK matrix (a number in front of a technique is the count the report attaches to it; techniques without one are the matrix's unmatched placeholders)
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: 1 Process Injection; 1 DLL Side-Loading; Logon Script (Windows)
Defense Evasion: 1 Masquerading; 1 Process Injection; 1 DLL Side-Loading
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: 1 Process Discovery; 12 System Information Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: Data Obfuscation; Junk Data; Steganography
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
Behavior graph (ID 1560844): sample PaperCut MF  Notificaci#U00..., start date 22/11/2024, architecture WINDOWS, score 1. Nodes: OUTLOOK.EXE (started; node annotated 51 102) -> ai.exe (started).
Graph legend: Process; Signature; Created File; DNS/IP Info; Is Dropped; Is Windows Process; Number of created Registry Values; Number of created Files; Visual Basic; Delphi; Java; .Net C# or VB.NET; C, C++ or other language; Is malicious; Internet.
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://syncservice.o365syncservice.com/" | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://api.diagnosticssdf.office.com | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://login.microsoftonline.com/ | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://shell.suite.office.com:1443 | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://designerapp.azurewebsites.net | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://autodiscover-s.outlook.com/ | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://useraudit.o365auditrealtimeingestion.manage.office.com | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://outlook.office365.com/connectors | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://cdn.entity. | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://api.addins.omex.office.net/appinfo/query | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://clients.config.office.net/user/v1.0/tenantassociationkey | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/ | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://powerlift.acompli.net | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://rpsticket.partnerservices.getmicrosoftkey.com | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://lookup.onenote.com/lookup/geolocation/v1 | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://cortana.ai | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://api.powerbi.com/v1.0/myorg/imports | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://notification.m365.svc.cloud.microsoft/ | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://cloudfiles.onenote.com/upload.aspx | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://entitlement.diagnosticssdf.office.com | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://api.aadrm.com/ | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://ofcrecsvcapi-int.azurewebsites.net/ | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://canary.designerapp. | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://ic3.teams.office.com | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://www.yammer.com | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://api.microsoftstream.com/api/ | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://cr.office.com | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://messagebroker.mobile.m365.svc.cloud.microsoft | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://otelrules.svc.static.microsoft | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://portal.office.com/account/?ref=ClientMeControl | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://clients.config.office.net/c2r/v1.0/DeltaAdvisory | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://edge.skype.com/registrar/prod | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://graph.ppe.windows.net | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://res.getmicrosoftkey.com/api/redemptionevents | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://powerlift-user.acompli.net | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://officeci.azurewebsites.net/api/ | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://sr.outlook.office.net/ws/speech/recognize/assistant/work | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://api.scheduler. | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://my.microsoftpersonalcontent.com | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://store.office.cn/addinstemplate | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://api.aadrm.com | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://edge.skype.com/rps | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://outlook.office.com/autosuggest/api/v1/init?cvid= | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://globaldisco.crm.dynamics.com | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://messaging.engagement.office.com/ | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://dev0-api.acompli.net/autodetect | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://www.odwebp.svc.ms | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://api.diagnosticssdf.office.com/v2/feedback | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://api.powerbi.com/v1.0/myorg/groups | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://web.microsoftstream.com/video/ | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://api.addins.store.officeppe.com/addinstemplate | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://graph.windows.net | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://dataservice.o365filtering.com/ | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://officesetup.getmicrosoftkey.com | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://analysis.windows.net/powerbi/api | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://prod-global-autodetect.acompli.net/autodetect | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false | | high
https://substrate.office.com | 42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.dr | false |
                                                                                                                                    high
                                                                                                                                    https://outlook.office365.com/autodiscover/autodiscover.json42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                      high
                                                                                                                                      https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                        high
                                                                                                                                        https://consent.config.office.com/consentcheckin/v1.0/consents42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                          high
                                                                                                                                          https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                            high
                                                                                                                                            https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                              high
                                                                                                                                              https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                high
                                                                                                                                                https://notification.m365.svc.cloud.microsoft/PushNotifications.Register42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://d.docs.live.net42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                    high
                                                                                                                                                    https://safelinks.protection.outlook.com/api/GetPolicy42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://ncus.contentsync.42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                        high
                                                                                                                                                        https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                          high
                                                                                                                                                          https://syncservice.o365syncservice.com/"42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                          unknown
                                                                                                                                                          https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                            high
                                                                                                                                                            http://weather.service.msn.com/data.aspx42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                              high
                                                                                                                                                              https://apis.live.net/v5.0/42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://officepyservice.office.net/service.functionality42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://templatesmetadata.office.net/42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://messaging.lifecycle.office.com/42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://planner.cloud.microsoft42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://mss.office.com42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://pushchannel.1drv.ms42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://management.azure.com42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://outlook.office365.com42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://wus2.contentsync.42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://incidents.diagnostics.office.com42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://clients.config.office.net/user/v1.0/ios42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://make.powerautomate.com42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://api.addins.omex.office.net/api/addins/search42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://insertmedia.bing.office.net/odc/insertmedia42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://outlook.office365.com/api/v1.0/me/Activities42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://api.office.net42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://incidents.diagnosticssdf.office.com42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://asgsmsproxyapi.azurewebsites.net/42530C52-9905-4D2E-884F-ABD7C0F7BD97.0.drfalse
                                                                                                                                                                                                          high
No contacted IP infos

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1560844
Start date and time: 2024-11-22 12:00:29 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 29s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: PaperCut MF Notificaci#U00f3n - t#U00f3ner bajo (Grupo_ Todas las Impresoras_Dispositivos).msg (renamed because original name is a hash value)
Original Sample Name: PaperCut MF Notificacin - tner bajo (Grupo_ Todas las Impresoras_Dispositivos).msg
Detection: CLEAN
Classification: clean1.winMSG@3/11@0/0
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .msg
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 40.126.53.6, 20.190.181.4, 40.126.53.14, 20.190.181.0, 40.126.53.13, 40.126.53.19, 40.126.53.15, 40.126.53.11, 52.109.32.97, 52.109.89.19, 52.113.194.132, 20.42.73.24
• Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.afd.azureedge.net, weu-azsc-000.roaming.officeapps.live.com, onedscolprdeus03.eastus.cloudapp.azure.com, eur.roaming1.live.com.akadns.net, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com, login.live.com, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, storeedgefd.dsx.mp.microsoft.com, ecs.office.com, prdv4a.aadg.msidentity.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, www.tm.v4.a.prd.aadg.trafficmanager.net, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, s-0005.s-msedge.net, config.officeapps.live.com, azureedge-t-prod.trafficmanager.net, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net, mobile.events.data.trafficmanager.net, www.tm.lg.prod.aadmsa.trafficmanager.net
• Not all processes were analyzed; report is missing behavior information
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: PaperCut MF Notificaci#U00f3n - t#U00f3ner bajo (Grupo_ Todas las Impresoras_Dispositivos).msg

No simulations
No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
s-part-0035.t-0009.t-msedge.net | SekpL8Z26C.exe | malicious | Unknown | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | DelightfulCard.dll.dll | malicious | Unknown | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | http://acsltddocu3.technolutionszzzz.net/ | malicious | Unknown | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | STMod_32bit.exe | malicious | Unknown | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | ps1004.ps1 | malicious | Unknown | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | 159993048229326377.js | malicious | Strela Downloader | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | program.exe | malicious | Unknown | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | exe004.exe | malicious | Unknown | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | exe001.exe | malicious | Unknown |
                                                                                                                                                                                                          • 13.107.246.63
                                                                                                                                                                                                          No context
                                                                                                                                                                                                          No context
                                                                                                                                                                                                          No context
Process: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type: data
Category: dropped
Size (bytes): 231348
Entropy (8bit): 4.390244878392824
Encrypted: false
SSDEEP: 1536:MJYLdFgsmJd3VkuangspiNcAz79ysQqt2F6FnqoQOTOrcm0FvvPMynTu7/lmZXxF:DbglGrgPmiGu2CqoQuOrt0FvHyB4+78V
MD5: E0477EF6A7048A05D3F3BE2D01DA64D0
SHA1: 4EB1A55E3B14FEE1B2A3A18D8E7787D9444FF6E5
SHA-256: B8D0755226862B70512C574586B662D3989BA7B32323EB557F8FA9DC18D89526
SHA-512: 0CB9FCD3E8836437E59AEF982530387CE08E2629D4A8BFB45DEFA9FEE97B93B98AC7CDDE176C84F4EAF819D698C157E3A1C829CC3E220BEEDE4E7F43BF22C73A
Malicious: false
Reputation: low
Process: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type: XML 1.0 document, ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 181859
Entropy (8bit): 5.295287852888899
Encrypted: false
SSDEEP: 1536:vi2XfRAqSbH4wglE6Le7HW8Qjj/o/NMOcAZl1p5ihs7EXXNEADpOBIa5YdGVF8St:3de7HW8Qjj/o/aXSbTx
MD5: 3DD214F8FECED4261BF7FCBECDFF82E7
SHA1: 7C7CEF0EA458C56860B30230F8D77936E65ED858
SHA-256: 5903579B40BC5C51BEC3B5A591B48CAC5A34388E49B7F11331A0047B6F19B9EA
SHA-512: 1F2D86E1DC71FC2FF66F39D3304614106D5143B9BDA743274D78DE2E8AE06E2ABEB52A79000AC81327A26A59FAE6889C79432C2F18F789DA1813CD5631417428
Malicious: false
Reputation: low
Preview: <?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-11-22T11:01:43">.. Build: 16.0.18312.40138-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
Process: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type: data
Category: dropped
Size (bytes): 32768
Entropy (8bit): 0.04607946491510245
Encrypted: false
SSDEEP: 3:GtlxtjljyQJOn4+lI3lxtjljyQJOn4+//9R9//8l1lvlll1lllwlvlllglbelDbj:GtxJO4ZxJO4eX9X01PH4l942wU
MD5: 25F1DF19CD984EDE64FA1BEDEC733473
SHA1: A5A0607B79D28F9BEB2AF33F074DB8824F5AE220
SHA-256: 0230779C14B8A7AE034D67BF1880AE978E7A92CD317F17204A221DC94D785E19
SHA-512: 68DD67794A4A7DE33BA346ADA3E1FE5DA178A40E0CEF5CF85FB29CC43CD70B660888722BDC8649DFFA6841342640669290965D58E00E6FB109BD904A61955446
Malicious: false
Reputation: low
Process: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type: SQLite Write-Ahead Log, version 3007000
Category: modified
Size (bytes): 49472
Entropy (8bit): 0.4838592475980919
Encrypted: false
SSDEEP: 48:vaQ1kAUll7DYMEb9zO8VFDYMlyBO8VFDYML:1Oll4HjVGNjVGC
MD5: 865FA774FF2D3CFE939A2435E5BC0BBF
SHA1: A3E3EB370AFEFB329963F7FBAFA69B993D0F65E2
SHA-256: 262897E226990A1FC54C407DAAC7E6B7841AF347998882CB94AC4B13DA54DC9C
SHA-512: 9175B403D593381BC02C4BF3248A73A3784EBB8F8C350EDA300FFB37573B68BA67A7A648DEAEF2213C81900AA7851FC489F5BCCA06555B92C79DDF62BF7F3FE4
Malicious: false
Reputation: low
Process: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type: ASCII text, with very long lines (28754), with CRLF line terminators
Category: dropped
Size (bytes): 20971520
Entropy (8bit): 0.16037649635999865
Encrypted: false
SSDEEP: 1536:PDfSQbZpTBomBtoR2RlBr3qS28aAQAjP/S1iXtkcdayS8B/:LbLmmB8qT6d
MD5: AC897767B7AA05C51E5C628D752EC8FA
SHA1: 34B50514CF8B66820C8D774317B3F90B036912C8
SHA-256: 62C9C1CDC8ACA6768584E349DC75BD6404250C8EA54A6C0E085386C0CBA08DAF
SHA-512: 2C0E8277FFEC25D37F69793A9F8BE0750AC7AB259A06D240559B8E0BBE6114C4D9CD4D424A12E16507193662179BFAA2C2073541ACDF77E82ED0F04A63F137B0
Malicious: false
Reputation: low
Preview: Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..11/22/2024 11:01:39.141.OUTLOOK (0x1ECC).0x1ED0.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":22,"Time":"2024-11-22T11:01:39.141Z","Contract":"Office.System.Activity","Activity.CV":"bjQ+vcRNFUaMk59SW5OF1A.4.9","Activity.Duration":12,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...11/22/2024 11:01:39.157.OUTLOOK (0x1ECC).0x1ED0.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":24,"Time":"2024-11-22T11:01:39.157Z","Contract":"Office.System.Activity","Activity.CV":"bjQ+vcRNFUaMk59SW5OF1A.4.10","Activity.Duration":19570,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorV
Process: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type: data
Category: dropped
Size (bytes): 20971520
Entropy (8bit): 0.0
Encrypted: false
SSDEEP: 3::
MD5: 8F4E33F3DC3E414FF94E5FB6905CBA8C
SHA1: 9674344C90C2F0646F0B78026E127C9B86E3AD77
SHA-256: CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
SHA-512: 7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
Malicious: false
Reputation: high, very likely benign file
Process: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type: data
Category: dropped
Size (bytes): 94208
Entropy (8bit): 4.486530559287608
Encrypted: false
SSDEEP: 768:FMSE8xEtuvXtLq4iHI9ZSbmrXXzR1QW/WRWsW4q/X9+x:DS4EI9ZSbUXVHk
MD5: 12942130783D1BD59DCDD36B14C0D839
SHA1: 68E7A68ADB31F6B3F15ADED34F8C5ABD9B768C97
SHA-256: 5F0028FAB0AC511081F4698214D3DC238CBF74ABD08161B7D8B7B576B7573C55
SHA-512: 9ABD74FBBDD9B4A5BF4EBDCB583432CC2A0415838A7228ED9CC86980314874AF747FAC9E5ECBCE9C2CA4E8339428FE86AF076AC04934175961FE6BEDC8931232
Malicious: false
Reputation: low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):163840
Entropy (8bit):0.46620377692385756
Encrypted:false
SSDEEP:192:ZL2weNemgmHZGn49E9kZukPRyUc1x4eMf7NLwi1oAb+2NgiXHWQOoqAbAW+Nh/:UNbb5BokMUA4eMfai1oHZiXHOoqM
MD5:EC3F14DFEC391AB688C03EEED6441BA0
SHA1:DEF2A238640072966965C87644EDB37078F2CBC5
SHA-256:9761CCB1936CE4D318C7FF7516FE0CE05E437820CA10AAC865A488EC97372F65
SHA-512:308C4FAA8867948BA1976279C1EFE5EB6CEA1253CE4AEDB15E7FC40E05F2D7E920FDB6BC18345F8D75F99991AC70FFB69679E050A33468013151E8B60147FCE4
Malicious:false
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):30
Entropy (8bit):1.2389205950315936
Encrypted:false
SSDEEP:3:rDl7l1:
MD5:F36A000FB73C83834CAFFCD70DAE13DB
SHA1:8EA75A0A2E403CFA2D34799721BD3C7DC67F84E4
SHA-256:7C8E5225C7C5A21C08F5FA6B4C894E1CA6DD319DA873B8CCCE7486B005EE7640
SHA-512:87CCE5325C5148AB9A1185F6D71AB55A16DC2D1EF326D53533C9F6AB20EEA605A7D4D094A89AD235A45A0F8D664551B617DA68594DEECAB097966F5FCF762095
Malicious:false
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:Microsoft Outlook email folder (>=2003)
Category:dropped
Size (bytes):271360
Entropy (8bit):1.2758201359585601
Encrypted:false
SSDEEP:768:8ZQctrmRQTV5upjb92tNVTIwfpKsxtROsGas5b7p:aCRQTTmAtgw5xR0v
MD5:14B80DC00515738C8EDD3D97062E48CC
SHA1:CBC7B30B9ABC961B848EA07F033BDA1030D6A263
SHA-256:D278C99484625F355DEA7BB8D7614D260310124746033A1F6C5DA32024F8841A
SHA-512:80D0A1B3F8E5258F95C010A8D1BCD6523462E1C126D940D48E8FF8AF5057F50FEE9E295DF4CB03FDAA5DE1317370DFE7ECD35E6BF5B5D5DCE4EA24C13236F6E9
Malicious:false
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):131072
Entropy (8bit):1.1434052883225623
Encrypted:false
SSDEEP:384:dssjTIgTgWzQ4795xviQ6/yHWO+9OQgXGrwPmbTFV:dPTIFdKLt6qpzed
MD5:B8D7B32D5CB5326794D79D189B9478DB
SHA1:F03DC47B7D9F0DCAC1D786790251B874C382A4EA
SHA-256:656BCE0CA0B6AE77EA50D73C9F7BE0AB8A4C184C76E8BF1DF129133B40695797
SHA-512:78E2BCEAF0B90AF98DB8127732E8E3F024B34FEED4314A38F3B11DAD7155142FD79E663EC2918288AFD9CB0AB971DEB3C6E9E787E722B83A46F5E7452A1EE495
Malicious:false
File type:CDFV2 Microsoft Outlook Message
Entropy (8bit):3.525090649251509
TrID:
• Outlook Message (71009/1) 58.92%
• Outlook Form Template (41509/1) 34.44%
• Generic OLE2 / Multistream Compound File (8008/1) 6.64%
File name:PaperCut MF Notificaci#U00f3n - t#U00f3ner bajo (Grupo_ Todas las Impresoras_Dispositivos).msg
File size:74'240 bytes
MD5:ed94902bb1cab55edffa5b9719cf7ac1
SHA1:e27b3204aefa216423898df10883def43a86b839
SHA256:262e13ac8077cbad367e8442a9188d01f65426d906c1b74350f2886f68dba8a2
SHA512:2b1576ca6e2d346c30bc47859e8093105daefddebfb9d92ad1a8012d5cba94555a0d12f00aad9ab621c78af72547bc6bcc4000f3ea904fea00e2dea23454bb8c
SSDEEP:768:+gd4eMfn1oV5WsKYMWsKxWsKwcFDNhgTRGTlztXUWsKJWsKbWsKQoL0cpxlPxlHi:de1U5W/WZWYtWBWjW4oTrnmgy2Cx
TLSH:FD73D22439E5461AF277DF728AE38497C522FD92AD119B4F3195334E0A72940A873F3E
Subject:PaperCut MF Notificación - tóner bajo (Grupo: Todas las Impresoras/Dispositivos)
From:imprimir@eversheds-sutherland.es
To:it@eversheds-sutherland.es
Cc:
BCC:
Date:Fri, 22 Nov 2024 10:30:06 +0100
Communications:
• The following printers are almost out of toner: Printers with low toner (previously notified) =================================================== eni-storage-001\SHARP_PUBLICO Cyan: 9% eni-storage-001\SHARP_ADMINISTRACION Yellow: 3% eni-storage-001\SHARP_CORPORATE Black: 5%
Attachments:
Received: from DU2P194MB1567.EURP194.PROD.OUTLOOK.COM
  09:30:11 +0000
Authentication-Results: dkim=none (message not signed)
  DBBP194MB1130.EURP194.PROD.OUTLOOK.COM (2603:10a6:10:1ed::10) with Microsoft
  15.20.8158.27; Fri, 22 Nov 2024 09:30:12 +0000
  ([fe80::de80:889d:5a09:5bb7%6]) with mapi id 15.20.8158.019; Fri, 22 Nov 2024
Date: Fri, 22 Nov 2024 10:30:06 +0100 (CET)
From: imprimir@eversheds-sutherland.es
To: it@eversheds-sutherland.es
Message-ID: <241131161.2075.1732267811048@ENI-STORAGE-001.evershedsnicea.com>
Subject: =?UTF-8?Q?PaperCut_MF__Notificaci=C3=B3n_-_t=C3=B3ner_bajo_(?=
  =?UTF-8?Q?Grupo_Todas_las_Impresoras/Dispositivos)?=
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-MS-Exchange-Organization-ExpirationStartTime: 22 Nov 2024 09:30:11.3645
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id: 5136b4cb-f851-4019-3427-08dd0ad8433b
X-MS-Exchange-Organization-AuthSource: DU2P194MB1567.EURP194.PROD.OUTLOOK.COM
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 06
X-ClientProxiedBy: MR1P264CA0007.FRAP264.PROD.OUTLOOK.COM
  (2603:10a6:10:23a::9)
X-MS-Exchange-Organization-MessageDirectionality: Originating
Return-Path: imprimir@eversheds-sutherland.es
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DU2P194MB1567:EE_|DBBP194MB1130:EE_|PR3P194MB1698:EE_
X-MS-Office365-Filtering-Correlation-Id: 5136b4cb-f851-4019-3427-08dd0ad8433b
X-MS-Exchange-AtpMessageProperties: SA|SL
X-MS-Exchange-Organization-SCL: 1
X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|41050700001;
X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:es;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU2P194MB1567.EURP194.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(41050700001);DIR:INT;
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-MS-Exchange-CrossTenant-Network-Message-Id: 5136b4cb-f851-4019-3427-08dd0ad8433b
X-MS-Exchange-CrossTenant-AuthSource: DU2P194MB1567.EURP194.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Nov 2024 09:30:11.7539
                                                                                                                                                                                                            X-MS-Exchange-CrossTenant-FromEntityHeaderHosted
                                                                                                                                                                                                            X-MS-Exchange-CrossTenant-Id055b0795-7299-45a9-bc23-ad109157818e
                                                                                                                                                                                                            X-MS-Exchange-CrossTenant-MailboxTypeHOSTED
                                                                                                                                                                                                            X-MS-Exchange-CrossTenant-UserPrincipalName9QTYwn59LO+iZNcLMNcr9Ef34sH9te4olxraXApA2uV0tB9Io8WZpCWZb70DbXLQowFbM03+rbRBffdyFq5D7Ky7lZvLiGiGFydcMIn2F4AubR0rIyZumNQ7LTP+sqeO
                                                                                                                                                                                                            X-MS-Exchange-Transport-CrossTenantHeadersStampedDBBP194MB1130
                                                                                                                                                                                                            X-MS-Exchange-Transport-EndToEndLatency00:00:02.7310578
                                                                                                                                                                                                            X-MS-Exchange-Processed-By-BccFoldering15.20.8182.018
                                                                                                                                                                                                            X-Microsoft-Antispam-Mailbox-Deliveryucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(425001)(930097)(140003)(1420198);
date: Fri, 22 Nov 2024 10:30:06 +0100

Icon Hash: c4e1928eacb280a2

DNS answers (columns: Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS)

Nov 22, 2024 12:01:30.984786034 CET | 1.1.1.1 | 192.168.2.7 | 0xc3f9 | No error (0) | shed.dual-low.s-part-0035.t-0009.t-msedge.net | s-part-0035.t-0009.t-msedge.net | (none) | CNAME (Canonical name) | IN (0x0001) | false
Nov 22, 2024 12:01:30.984786034 CET | 1.1.1.1 | 192.168.2.7 | 0xc3f9 | No error (0) | s-part-0035.t-0009.t-msedge.net | (none) | 13.107.246.63 | A (IP address) | IN (0x0001) | false


Target ID: 0
Start time: 06:01:34
Start date: 22/11/2024
Path: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Wow64 process (32bit): true
Commandline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\PaperCut MF Notificaci#U00f3n - t#U00f3ner bajo (Grupo_ Todas las Impresoras_Dispositivos).msg"
Imagebase: 0xb70000
File size: 34'446'744 bytes
MD5 hash: 91A5292942864110ED734005B7E005C0
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: false

Target ID: 3
Start time: 06:01:40
Start date: 22/11/2024
Path: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "5A413743-0588-4A66-81F0-B3D898E2A680" "6096013B-80A2-491E-9E96-CE452FC5D5D9" "7884" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Imagebase: 0x7ff738f90000
File size: 710'048 bytes
MD5 hash: EC652BEDD90E089D9406AFED89A8A8BD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: false

No disassembly