Windows Analysis Report
FaWdBSmJ.eml

Overview

General Information

Sample name: FaWdBSmJ.eml
renamed because original name is a hash value
Original sample name: abx_CloudMessage_WzM0NDYsICI5YmQ5MDljYi1lYTNiLTRlODMtODhkYy05NDhiZjUwOWExM2NAYWYwZWUzNDMtMGM4MC00MmJlLWFlYWMtZDY4OGU2M2VjZjQ4IiwgIkFBa0FMZ0FBQUFBQUhZUURFYXBtRWMyYnlBQ3FBQy1FV2cwQWtrWEhwX2V0SzB1VVZvdjJYZlFFaWdBSmJ.eml
Analysis ID: 1565426
MD5: 977b70ea459e7bf76901281ad0089bc4
SHA1: 88b704b8a146f07f7fb5b9113d92e1bad71e8984
SHA256: 60dbed0f628e02ff398640880078801604628a6975e8d0ec03bcec0d1732f239

Detection

Lure-Based Attack
Score: 22
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

AI detected potential phishing Email
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Stores large binary data to the registry

Classification

  • System is w10x64_ra
  • OUTLOOK.EXE (PID: 4988 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\FaWdBSmJ.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 6656 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "C1D22D1E-2223-4959-B1D2-9DAE0A6D7B93" "B7D5AA36-02E7-4720-ADDA-7D9C0A55A9D9" "4988" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 4988, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
Source: Registry Key set; Author: frack113; Data: Details: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\I2SXDPAK\, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 4988, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Security\OutlookSecureTempFolder
No Suricata rule has matched

Phishing

Source: Email; Joe Sandbox AI: Detected potential phishing email: The email contains only system-generated security banners/warnings with no actual message content. The subject line '[EXTERNAL] regali giorgia' is vague and doesn't match the sender's professional domain. The email is sent between different domains (st.com, hotmail.it, o-i.com) with an image attachment but no context
Source: Email; Classification: Lure-Based Attack
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://staging.cortana.ai
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-dark-1
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-dark-2
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-100
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-150
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-200
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-light-
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://store.office.cn/addinstemplate
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://store.office.de/addinstemplate
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://substrate.office.com
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://syncservice.o365syncservice.com/"
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://templatesmetadata.office.net/
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://webshell.suite.office.com
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://wus2.contentsync.
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://wus2.pagecontentsync.
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://www.odwebp.svc.ms
Source: F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drString found in binary or memory: https://www.yammer.com
Source: classification engine Classification label: sus22.winEML@3/28@0/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241129T1354320599-4988.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\FaWdBSmJ.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "C1D22D1E-2223-4959-B1D2-9DAE0A6D7B93" "B7D5AA36-02E7-4720-ADDA-7D9C0A55A9D9" "4988" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Window found: window name: SysTabControl32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: FaWdBSmJ.eml Static file information: File size 3376437 > 1048576
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 11 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 13 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 217.20.59.34 | true | false | | high
                                                                              high
                                                                              https://clients.config.office.net/c2r/v1.0/DeltaAdvisoryF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                high
                                                                                https://edge.skype.com/registrar/prodF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                  high
                                                                                  https://graph.ppe.windows.netF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                    high
                                                                                    https://res.getmicrosoftkey.com/api/redemptioneventsF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                      high
                                                                                      https://powerlift-frontdesk.acompli.netF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                        high
                                                                                        https://login.windows.localROUTLOOK_16_0_16827_20130-20241129T1354320599-4988.etl.0.drfalse
                                                                                          high
                                                                                          https://officeci.azurewebsites.net/api/F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                            high
                                                                                            https://sr.outlook.office.net/ws/speech/recognize/assistant/workF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                              high
                                                                                              https://api.scheduler.F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                high
                                                                                                https://my.microsoftpersonalcontent.comF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                  high
                                                                                                  https://store.office.cn/addinstemplateF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                    high
                                                                                                    https://api.aadrm.comF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                      high
                                                                                                      https://edge.skype.com/rpsF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                        high
                                                                                                        https://outlook.office.com/autosuggest/api/v1/init?cvid=F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                          high
                                                                                                          https://globaldisco.crm.dynamics.comF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                            high
                                                                                                            https://messaging.engagement.office.com/F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                              high
                                                                                                              https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                high
                                                                                                                https://dev0-api.acompli.net/autodetectF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                  high
                                                                                                                  https://www.odwebp.svc.msF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                    high
                                                                                                                    https://api.diagnosticssdf.office.com/v2/feedbackF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                      high
                                                                                                                      https://api.powerbi.com/v1.0/myorg/groupsF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                        high
                                                                                                                        https://web.microsoftstream.com/video/F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                          high
                                                                                                                          https://api.addins.store.officeppe.com/addinstemplateF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                            high
                                                                                                                            https://graph.windows.netF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                              high
                                                                                                                              https://dataservice.o365filtering.com/F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                high
                                                                                                                                https://login.windows.localnullDOUTLOOK_16_0_16827_20130-20241129T1354320599-4988.etl.0.drfalse
                                                                                                                                  high
                                                                                                                                  https://officesetup.getmicrosoftkey.comF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                    high
                                                                                                                                    https://analysis.windows.net/powerbi/apiF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                      high
                                                                                                                                      https://prod-global-autodetect.acompli.net/autodetectF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                        high
                                                                                                                                        https://substrate.office.comF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                          high
                                                                                                                                          https://outlook.office365.com/autodiscover/autodiscover.jsonF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                            high
                                                                                                                                            https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-iosF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                              high
                                                                                                                                              https://consent.config.office.com/consentcheckin/v1.0/consentsF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                high
                                                                                                                                                https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://learningtools.onenote.com/learningtoolsapi/v2.0/GetvoicesF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                    high
                                                                                                                                                    https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.jsonF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://notification.m365.svc.cloud.microsoft/PushNotifications.RegisterF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                        high
                                                                                                                                                        https://d.docs.live.netF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                          high
                                                                                                                                                          https://safelinks.protection.outlook.com/api/GetPolicyF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                            high
                                                                                                                                                            https://ncus.contentsync.F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                              high
                                                                                                                                                              https://onedrive.live.com/about/download/?windows10SyncClientInstalled=falseF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://syncservice.o365syncservice.com/"F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://weather.service.msn.com/data.aspxF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://apis.live.net/v5.0/F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://officepyservice.office.net/service.functionalityF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asksF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://templatesmetadata.office.net/F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://word.uservoice.com/forums/304948-word-for-ipad-iphone-iosF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://messaging.lifecycle.office.com/F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://planner.cloud.microsoftF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://autodiscover-s.outlook.com/autodiscover/autodiscover.xmlF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://mss.office.comF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://pushchannel.1drv.msF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://management.azure.comF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://outlook.office365.comF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://wus2.contentsync.F7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://incidents.diagnostics.office.comF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://clients.config.office.net/user/v1.0/iosF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://make.powerautomate.comF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://api.addins.omex.office.net/api/addins/searchF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://insertmedia.bing.office.net/odc/insertmediaF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://outlook.office365.com/api/v1.0/me/ActivitiesF7DA12AE-86AD-4DB9-B096-E44664AE1DD1.0.drfalse
                                                                                                                                                                                                            high
No contacted IP infos
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1565426
Start date and time: 2024-11-29 19:54:05 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 46s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 23
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: FaWdBSmJ.eml
renamed because original name is a hash value
Original Sample Name: abx_CloudMessage_WzM0NDYsICI5YmQ5MDljYi1lYTNiLTRlODMtODhkYy05NDhiZjUwOWExM2NAYWYwZWUzNDMtMGM4MC00MmJlLWFlYWMtZDY4OGU2M2VjZjQ4IiwgIkFBa0FMZ0FBQUFBQUhZUURFYXBtRWMyYnlBQ3FBQy1FV2cwQWtrWEhwX2V0SzB1VVZvdjJYZlFFaWdBSmJ.eml
Detection: SUS
Classification: sus22.winEML@3/28@0/0
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .eml
                                                                                                                                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, SIHClient.exe, Microsoft.Photos.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                            • Excluded IPs from analysis (whitelisted): 52.109.28.46, 52.113.194.132, 184.30.24.109, 52.109.89.19, 23.32.239.32, 23.32.239.83, 217.20.59.34, 52.111.252.18, 52.111.252.17, 52.111.252.16, 52.111.252.15, 40.79.173.40, 52.109.28.48
                                                                                                                                                                                                            • Excluded domains from analysis (whitelisted): osiprod-uks-bronze-azsc-000.uksouth.cloudapp.azure.com, omex.cdn.office.net, odc.officeapps.live.com, slscr.update.microsoft.com, europe.odcsm1.live.com.akadns.net, weu-azsc-000.roaming.officeapps.live.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, eur.roaming1.live.com.akadns.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, osiprod-weu-buff-azsc-000.westeurope.cloudapp.azure.com, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, a1864.dscd.akamai.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, onedscolprdaue00.australiaeast.cloudapp.azure.com, prod-all.naturallanguageeditorservice.osi.office.net.akadns.net, ctldl.windowsupdate.com.delivery.microsoft.com, prod-inc-resolver.naturallanguageeditorservice.osi.office.net.akadns.net, prod.configsvc1.live.com.akadns.net, self.events.data.
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                            • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                            • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                            • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                            • Report size getting too big, too many NtSetValueKey calls found.
                                                                                                                                                                                                            • VT rate limit hit for: FaWdBSmJ.eml
                                                                                                                                                                                                            No simulations
                                                                                                                                                                                                            No context
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | file.exe | malicious | Clipboard Hijacker, Cryptbot | 217.20.56.102 |
| | Employee_Important_Message.pdf | malicious | Unknown | 84.201.208.106 |
| | Scan_6090402.pdf | malicious | Unknown | 217.20.56.101 |
| | kingsmaker_6.ca.ps1 | malicious | Ducktail | 84.201.208.102 |
| | Demande de proposition du Regional Development Network .pdf | malicious | Unknown | 84.201.208.67 |
| | drawing 10023. spec T4 300W .... dimn 560horsepower po 1198624 _ %00% spec .exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | 217.20.56.101 |
| | eicar-adobe-acrobat-attachment.pdf | malicious | EICAR | 217.20.59.36 |
| | Account Review Desk - Help us keep your VAT account accurate.msg | malicious | CredentialStealer | 84.201.211.38 |
| | invoice-1664809283.pdf | malicious | Unknown | 84.201.211.20 |
| | faktura461250706050720242711#U00b7pdf.vbs | malicious | Remcos, GuLoader | 84.201.208.103 |
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):338
                                                                                                                                                                                                            Entropy (8bit):3.4738726491832703
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6:kKlWQ8DBlEJFN+SkQlPlEGYRMY9z+s3Ql2DUevat:8Q8kPlE99SCQl2DUevat
                                                                                                                                                                                                            MD5:F36FC62409B2A8D8342A109A7DCDF295
                                                                                                                                                                                                            SHA1:65CE456E839C1A1A59A35D5DDED1F4C3E8ED7E4B
                                                                                                                                                                                                            SHA-256:13C9AB7DAF4161B6393BBF6EB5A27BE6270A7026BCB700B9FEEDF8BE868546C9
                                                                                                                                                                                                            SHA-512:BF2A3DE2F1C89048E7276E5D60324E10C13848822947AF6FFBE311978C799FD38DEB5301F2D6986A5755FCA23558B6851F9B36EEA93D84DBA4895B7A130788C1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Preview:p...... ........J.^%.B..(..................................................^SZ.. .........p.........$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".7.4.6.7.8.7.a.3.f.0.d.9.1.:.0."...
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):231348
                                                                                                                                                                                                            Entropy (8bit):4.391977849190112
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:GaYLcPgs8jD41+9CPgs2qNcAz79ysQqt2LuMlqoQMIrcm0Fv8WUyv7r+6Ee6KLPT:SogI8QgCmiGu23qoQHrt0FvpPAm87w
                                                                                                                                                                                                            MD5:6C3E3078EF7654B8EC88AF28DCFEF6F9
                                                                                                                                                                                                            SHA1:37ED939229B554A828BB73B3F686A835761C54A9
                                                                                                                                                                                                            SHA-256:1C342A06606FD1F818283CE0DAB25A2242E4ABA11DEFABBFCF28156910BFA1C1
                                                                                                                                                                                                            SHA-512:81B6ED130DA10ACD344977E996E53924586B896CBED9C3BF7311390C749AAEECED9DF3DAA596CB83C09B489019C36DACD367D012A5762429EE6D03A3E156BCE4
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Preview:TH02...... .@V$..B......SM01X...,...p....B..........IPM.Activity...........h...............h............H..h..|.....W.p...h........(o..H..h\cal ...pDat...h.D..0...x.|....h_.D............h........_`Pk...h..D.@...I.lw...h....H...8.Uk...0....T...............d.........2h...............k..............!h.............. hO.Z.......|...#h....8.........$h(o......8....."h........ .....'h..............1h_.D.<.........0h....4....Uk../h....h.....UkH..hp...p.....|...-h .........|...+h..D.......|................. ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1869
                                                                                                                                                                                                            Entropy (8bit):5.086423394406961
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:cGrdyUdyjdSyrudnzyZSyrenzyMJdyBkSyrdnzyr1nzyvASy/dyO:jEUEjdbqd2Zb622Embx2R2vAb/EO
                                                                                                                                                                                                            MD5:7007E5E76AAA9A1ECBA20D8EB392B633
                                                                                                                                                                                                            SHA1:931A3DAD0E76B5B8988BF603B6BD9DF48FA1136C
                                                                                                                                                                                                            SHA-256:A5863929A6CEC2527EB12E7A0B1D0BC0CF9BFE4AB4BD971C0BF192196F0456BA
                                                                                                                                                                                                            SHA-512:83D1A83F21185106FFD72E82EF29EAF0F031487FFA0BF9A17FD3207830B3765C60B6BD90D296500FB093C63EC6141093DEB735799F9F62101FEDCE191AC50913
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><root><version>1</version><Count>12</Count><Resource><Id>Aptos_26215680</Id><LAT>2024-11-29T18:54:36Z</LAT><key>29939506207.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos_45876480</Id><LAT>2023-10-06T09:25:29Z</LAT><key>27160079615.ttf</key><folder>Aptos</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_26215424</Id><LAT>2023-10-06T09:25:29Z</LAT><key>31558910439.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215680</Id><LAT>2023-10-06T09:25:29Z</LAT><key>23001069669.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_45876224</Id><LAT>2023-10-06T09:25:29Z</LAT><key>24153076628.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_45876480</Id><LAT>2023-10-06T09:25:29Z</LAT><key>30264859306.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos_
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):521377
                                                                                                                                                                                                            Entropy (8bit):4.9084889265453135
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:gdTb5Sb3F2FqSrfZm+CnQsbzxZO7aYb6f5780K2:wb5q3umBnzT
                                                                                                                                                                                                            MD5:C37972CBD8748E2CA6DA205839B16444
                                                                                                                                                                                                            SHA1:9834B46ACF560146DD7EE9086DB6019FBAC13B4E
                                                                                                                                                                                                            SHA-256:D4CFBB0E8B9D3E36ECE921B9B51BD37EF1D3195A9CFA1C4586AEA200EB3434A7
                                                                                                                                                                                                            SHA-512:02B4D134F84122B6EE9A304D79745A003E71803C354FB01BAF986BD15E3BA57BA5EF167CC444ED67B9BA5964FF5922C50E2E92A8A09862059852ECD9CEF1A900
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Reputation:high, very likely benign file
                                                                                                                                                                                                            Preview:{"MajorVersion":4,"MinorVersion":40,"Expiration":14,"Fonts":[{"a":[4294966911],"f":"Abadi","fam":[],"sf":[{"c":[1,0],"dn":"Abadi","fs":32696,"ful":[{"lcp":983041,"lsc":"Latn","ltx":"Abadi"}],"gn":"Abadi","id":"23643452060","p":[2,11,6,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":26215680},{"c":[1,0],"dn":"Abadi Extra Light","fs":22180,"ful":[{"lcp":983042,"lsc":"Latn","ltx":"Abadi Extra Light"}],"gn":"Abadi Extra Light","id":"17656736728","p":[2,11,2,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":13108480}]},{"a":[4294966911],"f":"ADLaM Display","fam":[],"sf":[{"c":[536870913,0],"dn":"ADLaM Display Regular","fs":140072,"ful":[{"lcp":983040,"lsc":"Latn","ltx":"ADLaM Display"}],"gn":"ADLaM Display","id":"31965479471","p":[2,1,0,0,0,0,0,0,0,0],"sub":[],"t":"ttf","u":[2147491951,1107296330,0,0],"v":131072,"w":26215680}]},{"a":[4294966911],"f":"Agency FB","fam":[],"sf":[{"c":[536870913,0],"dn":"Agency FB Bold","fs":54372,"ful":[{"lcp":9830
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_40RegularVersion 4.40;O365
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):773040
                                                                                                                                                                                                            Entropy (8bit):6.55939673749297
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:Zn84XULLDs51UJQSOf9VvLXHyheIQ47gEFGHtAgk3+/cLQ/zhm1kjFKy6Nyjbqq+:N8XPDs5+ivOXgo1kYvyz2
                                                                                                                                                                                                            MD5:4296A064B917926682E7EED650D4A745
                                                                                                                                                                                                            SHA1:3953A6AA9100F652A6CA533C2E05895E52343718
                                                                                                                                                                                                            SHA-256:E04E41C74D6C78213BA1588BACEE64B42C0EDECE85224C474A714F39960D8083
                                                                                                                                                                                                            SHA-512:A25388DDCE58D9F06716C0F0BDF2AEFA7F68EBCA7171077533AF4A9BE99A08E3DCD8DFE1A278B7AA5DE65DA9F32501B4B0B0ECAB51F9AF0F12A3A8A75363FF2C
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Reputation:high, very likely benign file
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):322260
                                                                                                                                                                                                            Entropy (8bit):4.000299760592446
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:dztCFLNyoAHq5Rv2SCtUTnRe4N2+A/3oKBL37GZbTSB+pMZIrh:HMLgvKz9CtgRemO3oUHi3SBSMZIl
                                                                                                                                                                                                            MD5:CC90D669144261B198DEAD45AA266572
                                                                                                                                                                                                            SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                                                                                                                                                                                                            SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                                                                                                                                                                                                            SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                                                                                                                                                                                                            Malicious:false
Preview:51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):10
                                                                                                                                                                                                            Entropy (8bit):3.121928094887362
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:LhX:V
                                                                                                                                                                                                            MD5:8909D0DC0719F34670876E59B29AC73D
                                                                                                                                                                                                            SHA1:CCDA69DB315313CC89651B14CE23CC2643FB5099
                                                                                                                                                                                                            SHA-256:EEE5469247CC0EA0FE5D1876F736395809078CC8436C2BBE3D3A7143BF2C4414
                                                                                                                                                                                                            SHA-512:691DF147431D36729421CD8E8FD17D2A288D7F1C03CEA31A2C6DBAF0E3FD5785603BE75F626DC2EDF1E44B7D2802B6100586E69CFA008637DF80DFA780846CD3
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:1732906480
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):181859
                                                                                                                                                                                                            Entropy (8bit):5.295324836234876
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:2i2XfRAqSbH4wglE6Le7HW8Qjj/o/NMOcAZl1p5ihs7EXXNEADpOBIa5YdGVF8St:Ode7HW8Qjj/o/aXSbTx
                                                                                                                                                                                                            MD5:C7EF023E46A4AAAC8C5586226953B808
                                                                                                                                                                                                            SHA1:9CF234442A51F4271CD79FFF7C545F9A0B11D290
                                                                                                                                                                                                            SHA-256:2956D66E53F94B18C14A07F8A1EF5B35F0C4376E81619C452C0354F1CEBAFD3B
                                                                                                                                                                                                            SHA-512:A04D34417C50FEBFDE2BFBA7B796B076C6F42DC59E5E3B34F6A57D00034970F4EC4DF21C0E6602C8942A8F8E7CF1A3F7C024AA2CB66883A6143B66C3D4FA791B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-11-29T18:54:35">.. Build: 16.0.18312.40138-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4096
                                                                                                                                                                                                            Entropy (8bit):0.09216609452072291
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:lSWFN3l/klslpF/4llfll:l9F8E0/
                                                                                                                                                                                                            MD5:F138A66469C10D5761C6CBB36F2163C3
                                                                                                                                                                                                            SHA1:EEA136206474280549586923B7A4A3C6D5DB1E25
                                                                                                                                                                                                            SHA-256:C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
                                                                                                                                                                                                            SHA-512:9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:SQLite Rollback Journal
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4616
                                                                                                                                                                                                            Entropy (8bit):0.13760166725504608
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:7FEG2l+g+tEl/FllkpMRgSWbNFl/sl+ltlslVlllfllg+n:7+/l3+Ig9bNFlEs1EP/rn
                                                                                                                                                                                                            MD5:B543F3065F03568C3CEE86D77DB6F275
                                                                                                                                                                                                            SHA1:CD8076054B705964389F88B973379A6166FA25D6
                                                                                                                                                                                                            SHA-256:0FD821A03E655865400635580274E428C2D4A8318B580B18E8F7AA1FE4F45D3C
                                                                                                                                                                                                            SHA-512:87D0EB285E7DD33E57B19552D0459092FDF8718362AD4B83B4E5BD79FA9FFB804758C877E49A1D6791E2D0E6C891C4EB5AF45C7C85E3476B00BBB38296A47E4B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                            Entropy (8bit):0.04470641479249482
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:G4l2Q8zFXTWAl2Q8zFXT18lL9//Xlvlll1lllwlvlllglbXdbllAlldl+l:G4l2QgWAl2QgaL9XXPH4l942U
                                                                                                                                                                                                            MD5:560486126E5DBC21500BE11B0E1DD38C
                                                                                                                                                                                                            SHA1:F4EC1E744A8CA458C5346D27EEBEC3F08CB07BBC
                                                                                                                                                                                                            SHA-256:5E0D6D4C160F9B760AE2FCD239B62F941A1A59A90A9F8D7E5C24682F6CF5AC4B
                                                                                                                                                                                                            SHA-512:ABFC6FEB7D8870F52DED8BA0307C6B835347144D9B57FFCE2B496F7560D03C89D5C7F4D20A625110F02F6DF7967FE3D98AC322F7D32651E34095C9A728F57836
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):45352
                                                                                                                                                                                                            Entropy (8bit):0.3953839091135589
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:KOMI+PTQ3zRD3KUll7DBtDi4kZERD6b3zqt8VtbDBtDi4kZERD:bMV7Q1+Ull7DYMgzO8VFDYM
                                                                                                                                                                                                            MD5:711A4DA84A9F093D3F633487A86CF8BC
                                                                                                                                                                                                            SHA1:1548A4BBC3F5DC339905E8A1312A237AC0DA4F75
                                                                                                                                                                                                            SHA-256:0B031872F9503CB8A1945BDFB617AAD73A69ECF15EF6E461C46D6995583C4551
                                                                                                                                                                                                            SHA-512:48A770EB0F68653FC9AE98DB7FCDC6A3E51E8922B00CB7FC08CF12076AE4EDD9E8ECD90FF3B32BE89555B253F80D3E3A0EB3463FE6D11F7C506C6B2F21AF9A7B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2278
                                                                                                                                                                                                            Entropy (8bit):3.8512895532912186
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:uiTrlKxsxxUxl9Il8utLFG0e9Rd7XeuMjGWRcd1rc:vIYLhG0cRxXeaWN
                                                                                                                                                                                                            MD5:D3AC053BA1C95D47B5FCFF00E1773470
                                                                                                                                                                                                            SHA1:0F23B89EEE9798280C0D7D39B374D41F77F8C2C7
                                                                                                                                                                                                            SHA-256:8D387A137867E8A33E12CBBE47486106ECF52D6A75B0CD86A4777FEECD4BA4A9
                                                                                                                                                                                                            SHA-512:D0C52A98E84057092A5B31D980B305DDAE8E29FE1EB65F766DA0C738553E71A2E9388DD2480AD275E66F2F003AF25354DB8EC74FF8E7E527E0EA2182F44D1866
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".C.J.1.m.u.g.S.o.z.s.S.9.x.S.Z./.Q.v.O.c.+.E.J.4.u.2.c.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.C.Z.S.h.J.h.C.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.O.q.S.S.S.n.
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2684
                                                                                                                                                                                                            Entropy (8bit):3.899483739205371
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:uiTrlKxJxsxl9Il8uthCDvpVElABJu+YixP6XBlNUaAxd/vc:BYLgDvpVlgDTF
                                                                                                                                                                                                            MD5:11E4C6FC45D1C9E2ACE23EFFEEFF9F50
                                                                                                                                                                                                            SHA1:08524A9D9DE1AF3CCD776BA25823098437FCB0CD
                                                                                                                                                                                                            SHA-256:B4DD63FE2FBFB67197D02FF8A3440C762AFE23D84658665B9592D66CE5083E7A
                                                                                                                                                                                                            SHA-512:31F70637DEB3C91DCC157571E244F5913BF72583CB6698336D83A597669CCAEF70ADE839DC057376FE70FFC22DEEDA87D957BD2B315CDB86F2B8A7C2E48837A9
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.H.X.L.G.R.5.H.j.D.k.3.C.i.F.b.L.a.m.K.N.+.n.c.g.T.0.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".f.Y.z.Q.m.2.F.h.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.O.q.S.S.S.n.
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4542
                                                                                                                                                                                                            Entropy (8bit):3.998360776352433
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:PYLTn0Tn+1wua5Ga2akofnqM8Fw8eT6ip3kMS1M77XB+O:PeT0Tn+ezXnqNaN6SNdzB+O
                                                                                                                                                                                                            MD5:A7853765085A779B7A5E6A34B00F4AD3
                                                                                                                                                                                                            SHA1:BF296C0F1227340DD69B5C6CE95E38E3B152BC7F
                                                                                                                                                                                                            SHA-256:BD4CFA54BF622CF7CD1818F77A5E5BF79413C57D1F2613DE30F8E047609540F0
                                                                                                                                                                                                            SHA-512:53DF6D2566FAEDC948BADA8FB4C9DE9A8FCCC5F0BDEC58BDFD06A6C2AFBCEDF1B5022AF129AD003DC3FD9AA0A8F46034972BADDF3F868E3D1F80429E1BF5DE0A
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.q.Y.a.6.3.X.Y.9.b.4.Y.b.C.Z.g.f.0.u.y.E.6.v.n.x.e.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".5.U.Z.H.a.p.B.C.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.O.q.S.S.S.n.
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=11, height=4096, manufacturer=OPPO, model=OPPO Find X3 Neo 5G, orientation=upper-left, xresolution=146, yresolution=154, resolutionunit=2, datetime=2024:11:29 08:37:29, width=1840], baseline, precision 8, 1840x4096, components 3
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2453007
                                                                                                                                                                                                            Entropy (8bit):7.976718729017794
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:KRcfiCfSk0xTax2p1pPDPr4Xe4TqO9LJweGtwZoJpks9:KRcpU1Rs2SweGtpJpk
                                                                                                                                                                                                            MD5:45A22CBB7D4E4E6C04BDCC466D60AA3A
                                                                                                                                                                                                            SHA1:F6881E20A7C1A0A71A6FE132AEB48D0BE51E71A6
                                                                                                                                                                                                            SHA-256:580D82773B16ABEDDF39BBD128ACD1456F08346BD6EA27F329451E762827230D
                                                                                                                                                                                                            SHA-512:B816C54205E082198D732B60F51E390F3B49AB6707B85AC059074334E518F62AB17634AD8F370D5FF3B38E263B17D2B474D573348B1DF33CEABDF83A32A2F64B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:......JFIF..............Exif..II*...............0...........................................................................(...........2.......................i...............H.......H.......OPPO..OPPO Find X3 Neo 5G.2024:11:29 08:37:29.".........R98.........1.0........................."...........'.......(...........0220........n.......................................................................................................................................|...............................290.........290.........290.........0100............................................................................................ ...................2024:11:29 08:37:29.2024:11:29 08:37:29.+01:00..oplus_32....d.......d.......d...............................d.......d...{"PiFlag":"1","nightFlag":"0","nightMode": "0","asdOut": ["0"],"iso": "296","expTime": "10000000","fType":"3","bkMode":"0","aideblur":"0","aisState":"0"}....4ICC_PROFILE......$appl....mntrRGB XYZ ........... acspAPPL....OPPO....
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                            Size (bytes):26
                                                                                                                                                                                                            Entropy (8bit):3.95006375643621
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:gAWY3n:qY3n
                                                                                                                                                                                                            MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                                                                                                                                                                                                            SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                                                                                                                                                                                                            SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                                                                                                                                                                                                            SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:[ZoneTransfer]..ZoneId=3..
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=11, height=4096, manufacturer=OPPO, model=OPPO Find X3 Neo 5G, orientation=upper-left, xresolution=146, yresolution=154, resolutionunit=2, datetime=2024:11:29 08:37:29, width=1840], baseline, precision 8, 1840x4096, components 3
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2453007
                                                                                                                                                                                                            Entropy (8bit):7.976718729017794
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:KRcfiCfSk0xTax2p1pPDPr4Xe4TqO9LJweGtwZoJpks9:KRcpU1Rs2SweGtpJpk
                                                                                                                                                                                                            MD5:45A22CBB7D4E4E6C04BDCC466D60AA3A
                                                                                                                                                                                                            SHA1:F6881E20A7C1A0A71A6FE132AEB48D0BE51E71A6
                                                                                                                                                                                                            SHA-256:580D82773B16ABEDDF39BBD128ACD1456F08346BD6EA27F329451E762827230D
                                                                                                                                                                                                            SHA-512:B816C54205E082198D732B60F51E390F3B49AB6707B85AC059074334E518F62AB17634AD8F370D5FF3B38E263B17D2B474D573348B1DF33CEABDF83A32A2F64B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:......JFIF..............Exif..II*...............0...........................................................................(...........2.......................i...............H.......H.......OPPO..OPPO Find X3 Neo 5G.2024:11:29 08:37:29.".........R98.........1.0........................."...........'.......(...........0220........n.......................................................................................................................................|...............................290.........290.........290.........0100............................................................................................ ...................2024:11:29 08:37:29.2024:11:29 08:37:29.+01:00..oplus_32....d.......d.......d...............................d.......d...{"PiFlag":"1","nightFlag":"0","nightMode": "0","asdOut": ["0"],"iso": "296","expTime": "10000000","fType":"3","bkMode":"0","aideblur":"0","aisState":"0"}....4ICC_PROFILE......$appl....mntrRGB XYZ ........... acspAPPL....OPPO....
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):26
                                                                                                                                                                                                            Entropy (8bit):3.95006375643621
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:gAWY3n:qY3n
                                                                                                                                                                                                            MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B
                                                                                                                                                                                                            SHA1:D59FC84CDD5217C6CF74785703655F78DA6B582B
                                                                                                                                                                                                            SHA-256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
                                                                                                                                                                                                            SHA-512:AA1D2B1EA3C9DE3CCADB319D4E3E3276A2F27DD1A5244FE72DE2B6F94083DDDC762480482C5C2E53F803CD9E3973DDEFC68966F974E124307B5043E654443B98
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:[ZoneTransfer]..ZoneId=3..
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:ASCII text, with very long lines (860), with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):20971520
                                                                                                                                                                                                            Entropy (8bit):0.01316786111905805
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:rVevToqSu8CgyH1UijwGVsO5cuSAGur91B:xc
                                                                                                                                                                                                            MD5:A5C89ECB2B1567784DE3F3B12F53F600
                                                                                                                                                                                                            SHA1:FC95BA58782ACF4E5EA3C0A7F236E3619722317B
                                                                                                                                                                                                            SHA-256:A663BBF49C37EBEBF7AD67D99EE7C42B21663F2C2E5CF62E8345298D4C9C2AB3
                                                                                                                                                                                                            SHA-512:BA7BF95F284469C09046CBC5403B7860A2FF52E47A95C954FCF91055E894056137A983005719F487148AFB37A1F8703E289B39CA44F1B5ACB660417D56701835
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..11/29/2024 18:54:32.807.OUTLOOK (0x137C).0x15B0.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.System.GracefulExit.GracefulAppExitDesktop","Flags":33777014402039809,"InternalSequenceNumber":17,"Time":"2024-11-29T18:54:32.807Z","Data.PreviousAppMajor":16,"Data.PreviousAppMinor":0,"Data.PreviousAppBuild":16827,"Data.PreviousAppRevision":20130,"Data.PreviousSessionId":"1F9688AA-D314-4BE8-9052-CF86D531C97C","Data.PreviousSessionInitTime":"2024-11-29T18:54:17.610Z","Data.PreviousSessionUninitTime":"2024-11-29T18:54:20.657Z","Data.SessionFlags":2147483652,"Data.InstallMethod":0,"Data.OfficeUILang":1033,"Data.PreviousBuild":"Unknown","Data.EcsETag":"\"\"","Data.ProcessorArchitecture":"x64"}...11/29/2024 18:54:32.839.OUTLOOK (0x137C).0x1858.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.LoadXmlRules","Flags":33777014401990913,"InternalSequenceNumber":22
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):20971520
                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                            MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                                                                                                                                                                                            SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                                                                                                                                                                                            SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                                                                                                                                                                                            SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):208896
                                                                                                                                                                                                            Entropy (8bit):4.888573335307735
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:U49z9w35ImJdH1+0DKKlKPjQaIh8HAhcNTia7ntyXfF:U49zK3eHyXfF
                                                                                                                                                                                                            MD5:B0C181E6E8CA7CAC8310846CA6994721
                                                                                                                                                                                                            SHA1:8D11984E5C63073F9213403EAAF0223E1060227A
                                                                                                                                                                                                            SHA-256:B9E6D75B97EB4F88402E1211A9FB11350080632D8E31E75B3641DD97DC31C90C
                                                                                                                                                                                                            SHA-512:BCE8BDBEE4ED7AFE5BEF815F940D37D50D56123E3E9C84B561E65CCC533ED903B71D1C094B2AAC10E6DF6D3667DD7DADBA88CE6429105D6F0C11EB783E615D95
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:............................................................................`.......|..... .B..................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................pV)V.Y............ .B..........v.2._.O.U.T.L.O.O.K.:.1.3.7.c.:.8.7.b.3.b.7.d.1.6.3.d.1.4.9.3.2.a.2.f.1.b.d.a.1.3.b.3.0.b.9.3.6...C.:.\.U.s.e.r.s.\.c.a.l.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.1.2.9.T.1.3.5.4.3.2.0.5.9.9.-.4.9.8.8...e.t.l.......P.P.....|..... .B..........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2321935
                                                                                                                                                                                                            Entropy (8bit):7.976402303846239
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:UiCfSk0xTax2p1pPDPr4Xe4TqO9LJweGtwZoJpks9:AU1Rs2SweGtpJpk
                                                                                                                                                                                                            MD5:644446D6B4086C70CCD0388473BC84A5
                                                                                                                                                                                                            SHA1:2BC9198B89B8D9041DFE6B009FD6437370C5B368
                                                                                                                                                                                                            SHA-256:164C987B1AB37F752441CB6763A2C397F20D34B4FA5ACB4E6486232330C72D4E
                                                                                                                                                                                                            SHA-512:4853FA99C1CE973A11CADAC06CB1F73599E7E2F0FF19271C5C6CD669D087F2F12BC2092B770A95EC780D52EE43BB237BB6E6910BD38CC1EC47AA8A4E0FFB303D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):30
                                                                                                                                                                                                            Entropy (8bit):1.2389205950315936
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:LXlt:7l
                                                                                                                                                                                                            MD5:BAA58BA75A55A906718C5E12B00AA852
                                                                                                                                                                                                            SHA1:B3FB6A1836B54FB9D6F34FE6C7AD583CBE69F2B3
                                                                                                                                                                                                            SHA-256:DF204CD3FF2EC1103EBCDF188B5F2C1FC0598E9B560EE850C153E9FD39DAEB3A
                                                                                                                                                                                                            SHA-512:DA135705F03D422C336A6798FE7BFCD6701C2C1B56CCFF5EEC251CAD06FBBAF384DC08B85044880DB4C12E71B47D68ED7EF0C2437D9EA33083E88CF4EE98266A
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:....|.........................
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16384
                                                                                                                                                                                                            Entropy (8bit):0.6696596377787132
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:rl3baF2qLKeTy2MyheC8T23BMyhe+S7wzQP9zNMyhe+S7xMyheCYmqp:rsmnq1Py961fe
                                                                                                                                                                                                            MD5:70B5937B69E386E8B0F859DB37B86BC3
                                                                                                                                                                                                            SHA1:E8DA54842DA90044CC2D869DB28CB39063A9FEFC
                                                                                                                                                                                                            SHA-256:41AC6CA17DC52DF2AD94F1FDD6212F5BAD1AC4A12D7DB00B14A558FB294EF94B
                                                                                                                                                                                                            SHA-512:821F2CCFC2D9F2A7B8C55C9A9EEF65F9EFC10FB5B8657434D8538EF73D9B54F4D6389C776A1C2622C000250096FF4A0FA322859C15B52ED2CD11F68DB19B7699
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):14
                                                                                                                                                                                                            Entropy (8bit):2.699513850319966
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:QGiWlG:QGbY
                                                                                                                                                                                                            MD5:C5A12EA2F9C2D2A79155C1BC161C350C
                                                                                                                                                                                                            SHA1:75004B4B6C6C4EE37BE7C3FD7EE4AF4A531A1B1A
                                                                                                                                                                                                            SHA-256:61EC0DAA23CBC92167446DADEFB919D86E592A31EBBD0AB56E64148EBF82152D
                                                                                                                                                                                                            SHA-512:B3D5AF7C4A9CB09D27F0522671503654D06891740C36D3089BB5CB21E46AB235B0FA3DC2585A383B9F89F5C6DAE78F49F72B0AD58E6862DE39F440C4D6FF460B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:..c.a.l.i.....
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:Microsoft Outlook email folder (>=2003)
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4334592
                                                                                                                                                                                                            Entropy (8bit):5.660495898117888
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:q92Orw/FfHXBQd2+zmzwPOP0SmEAVUKxC52eRbNEchE4Gw2mWv:a2GwBX2NitP9y4Ecjuv
                                                                                                                                                                                                            MD5:F179D910FA37097E2313740059F60B50
                                                                                                                                                                                                            SHA1:3DB5DE160C5B29BC8FC7319A9555CE123B2F0868
                                                                                                                                                                                                            SHA-256:EA71C39A797AEA3A039A40D1969A0DC94B5DBE2121F244962CBC4EF845EE8EA8
                                                                                                                                                                                                            SHA-512:171CD971495FD7E10B4159686E36DF6D000422060DA38F03A096BA595FD0574A6DAA3D476BAE6A18105F47D21E3BDDAB99A868E8D0D33EBB8C71A97B7206B983
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2621440
                                                                                                                                                                                                            Entropy (8bit):7.847387007490861
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:zIHeUGDH8jHt8okdOxOHRQQSBIFmGyyiw0FmuJgz+vlfKeFlK:zZwjN8TdJRvsoqNWXJ
                                                                                                                                                                                                            MD5:7722996990CAB5CB47E94EFC5F878F0F
                                                                                                                                                                                                            SHA1:D341468D5E3E4FB882F9A1CF828F146F6C085820
                                                                                                                                                                                                            SHA-256:39D244F70840D023E4A2EC9FD4D2F056BA90C6C7139E2579CA8E94EB5913E2F6
                                                                                                                                                                                                            SHA-512:7C458975CD568EB6D54B3739FA815BB286DFC737CAA1B2B6B65A19DA1E454F86DE784976132C7D6D6E42B3D54DBA5673F71BB989F7455EF559E80B124B09D6A5
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            File type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Entropy (8bit):6.0435310912605225
                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                              File name:FaWdBSmJ.eml
                                                                                                                                                                                                              File size:3'376'437 bytes
                                                                                                                                                                                                              MD5:977b70ea459e7bf76901281ad0089bc4
                                                                                                                                                                                                              SHA1:88b704b8a146f07f7fb5b9113d92e1bad71e8984
                                                                                                                                                                                                              SHA256:60dbed0f628e02ff398640880078801604628a6975e8d0ec03bcec0d1732f239
                                                                                                                                                                                                              SHA512:f1a874868749a0e0365047523ceb7569f57b3372b696d5fbf781433021a8fa8cec695814cdd4718d6220220572bb1a216b71e99c143faceaa4de1b3fdc0d67d0
                                                                                                                                                                                                              SSDEEP:49152:Xe4pU7NFC6Q2027dOD3d3dN6/VnN2bNYPo2:i
                                                                                                                                                                                                              TLSH:36F523388C576FC70E11A166F276B92B7DE6D58319C90223835C87F470F60B8AE67876
                                                                                                                                                                                                              File Content Preview:accept-language: en-US..arc-authentication-results: i=2; mx.microsoft.com 1; spf=pass (sender ip is.. 91.207.212.93) smtp.rcpttodomain=o-i.com smtp.mailfrom=st.com; dmarc=pass.. (p=reject sp=reject pct=100) action=none header.from=st.com; dkim=pass.. (sig
                                                                                                                                                                                                              Subject:[EXTERNAL] regali giorgia
                                                                                                                                                                                                              From:Stefano LOSA <stefano.losa@st.com>
                                                                                                                                                                                                              To:stefano losa <due34@hotmail.it>, Sandra Magliocca <Sandra.Magliocca@o-i.com>
                                                                                                                                                                                                              Cc:
                                                                                                                                                                                                              BCC:
                                                                                                                                                                                                              Date:Fri, 29 Nov 2024 07:45:18 +0000
                                                                                                                                                                                                              Communications:
• CAUTION !!! This email originated from outside of O-I. Do not click links or open attachments unless you recognize the sender and know the content is safe. ST Restricted
                                                                                                                                                                                                              Attachments:
                                                                                                                                                                                                              • IMG20241129083729.jpg
                                                                                                                                                                                                              Key Value
accept-language en-US
arc-authentication-results i=2; mx.microsoft.com 1; spf=pass (sender ip is 91.207.212.93) smtp.rcpttodomain=o-i.com smtp.mailfrom=st.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=st.com; dkim=pass (signature was verified) header.d=st.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=st.com] dkim=[1,1,header.d=st.com] dmarc=[1,1,header.from=st.com]), i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=st.com; dmarc=pass action=none header.from=st.com; dkim=pass header.d=st.com; arc=none
authentication-results spf=pass (sender IP is 91.207.212.93) smtp.mailfrom=st.com; dkim=pass (signature was verified) header.d=st.com;dmarc=pass action=none header.from=st.com;compauth=pass reason=100
date Fri, 29 Nov 2024 07:45:18 +0000
from Stefano LOSA <stefano.losa@st.com>
in-reply-to <GV2PR03MB8777571040A93D1254230428C02A2@GV2PR03MB8777.eurprd03.prod.outlook.com>
message-id <VI1PR10MB820671D7150AE1D4F81F1C08E92A2@VI1PR10MB8206.EURPRD10.PROD.OUTLOOK.COM>
mime-version 1.0
msip_labels MSIP_Label_23add6c0-cfdb-4bb9-b90f-bf23b83aa6c0_ActionId=63a68ba2-13e4-49a7-8cbb-ab291aa34af4;MSIP_Label_23add6c0-cfdb-4bb9-b90f-bf23b83aa6c0_ContentBits=0;MSIP_Label_23add6c0-cfdb-4bb9-b90f-bf23b83aa6c0_Enabled=true;MSIP_Label_23add6c0-cfdb-4bb9-b90f-bf23b83aa6c0_Method=Standard;MSIP_Label_23add6c0-cfdb-4bb9-b90f-bf23b83aa6c0_Name=23add6c0-cfdb-4bb9-b90f-bf23b83aa6c0;MSIP_Label_23add6c0-cfdb-4bb9-b90f-bf23b83aa6c0_SetDate=2024-11-29T07:44:45Z;MSIP_Label_23add6c0-cfdb-4bb9-b90f-bf23b83aa6c0_SiteId=75e027c9-20d5-47d5-b82f-77d7cd041e8f;
received from CH3PR07MB10627.namprd07.prod.outlook.com (::1) by MW4PR07MB8476.namprd07.prod.outlook.com with HTTPS; Fri, 29 Nov 2024 07:45:54 +0000, from MW4PR04CA0322.namprd04.prod.outlook.com (2603:10b6:303:82::27) by CH3PR07MB10627.namprd07.prod.outlook.com (2603:10b6:610:21c::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8207.15; Fri, 29 Nov 2024 07:45:43 +0000, from SJ1PEPF000023CC.namprd02.prod.outlook.com (2603:10b6:303:82:cafe::45) by MW4PR04CA0322.outlook.office365.com (2603:10b6:303:82::27) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8207.14 via Frontend Transport; Fri, 29 Nov 2024 07:45:43 +0000, from mx08-00178001.pphosted.com (91.207.212.93) by SJ1PEPF000023CC.mail.protection.outlook.com (10.167.244.6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8207.12 via Frontend Transport; Fri, 29 Nov 2024 07:45:42 +0000, from pps.filterd (m0369457.ppops.net [127.0.0.1]) by mx07-00178001.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 4AT3h1Gw015441; Fri, 29 Nov 2024 08:45:39 +0100, from eur02-vi1-obe.outbound.protection.outlook.com (mail-vi1eur02lp2045.outbound.protection.outlook.com [104.47.11.45]) by mx07-00178001.pphosted.com (PPS) with ESMTPS id 436719g672-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 29 Nov 2024 08:45:37 +0100 (CET), from VI1PR10MB8206.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:800:1d8::20) by DU0PR10MB6725.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:403::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8230.4; Fri, 29 Nov 2024 07:45:19 +0000, from VI1PR10MB8206.EURPRD10.PROD.OUTLOOK.COM ([fe80::e98f:7dec:b0c5:84d0]) by VI1PR10MB8206.EURPRD10.PROD.OUTLOOK.COM ([fe80::e98f:7dec:b0c5:84d0%3]) with mapi id 15.20.8230.000; Fri, 29 Nov 2024 07:45:18 +0000
received-spf Pass (protection.outlook.com: domain of st.com designates 91.207.212.93 as permitted sender) receiver=protection.outlook.com; client-ip=91.207.212.93; helo=mx08-00178001.pphosted.com; pr=C
references <GV2PR03MB8777571040A93D1254230428C02A2@GV2PR03MB8777.eurprd03.prod.outlook.com>
return-path prvs=20635e3c9f=stefano.losa@st.com
subject [EXTERNAL] regali giorgia
thread-index AQHbQjGY3GFAKlCtY0+4GQi+9iaO/bLN4NlQ
to stefano losa <due34@hotmail.it>, Sandra Magliocca <Sandra.Magliocca@o-i.com>
x-eopattributedmessage 0
x-eoptenantattributedmessage af0ee343-0c80-42be-aeac-d688e63ecf48:0
x-forefront-antispam-report CIP:91.207.212.93;CTRY:GB;LANG:it;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:mx08-00178001.pphosted.com;PTR:mx08-00178001.pphosted.com;CAT:NONE;SFS:(13230040)(35042699022)(8096899003);DIR:INB;
x-forefront-antispam-report-untrusted CIP:255.255.255.255;CTRY:;LANG:it;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:VI1PR10MB8206.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024)(8096899003)(38070700018);DIR:OUT;SFP:1101;
x-microsoft-antispam BCL:0;ARA:13230040|35042699022|8096899003;
x-microsoft-antispam-mailbox-delivery ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420198);
                                                                                                                                                                                                              x-microsoft-antispam-untrusted BCL:0;ARA:13230040|366016|376014|1800799024|8096899003|38070700018;
x-ms-exchange-antispam-messagedata-original-chunkcount 1
x-ms-exchange-antispam-relay 0
x-ms-exchange-atpmessageproperties SA|SL
x-ms-exchange-crosstenant-authas Anonymous
x-ms-exchange-crosstenant-authsource SJ1PEPF000023CC.namprd02.prod.outlook.com
x-ms-exchange-crosstenant-fromentityheader Internet
x-ms-exchange-crosstenant-id af0ee343-0c80-42be-aeac-d688e63ecf48
x-ms-exchange-crosstenant-network-message-id d5f857f2-aa70-4821-86ed-08dd1049d3b5
x-ms-exchange-crosstenant-originalarrivaltime 29 Nov 2024 07:45:42.0774 (UTC)
x-ms-exchange-organization-authas Anonymous
x-ms-exchange-organization-authsource SJ1PEPF000023CC.namprd02.prod.outlook.com
x-ms-exchange-organization-expirationinterval 1:00:00:00.0000000
x-ms-exchange-organization-expirationintervalreason OriginalSubmit
x-ms-exchange-organization-expirationstarttime 29 Nov 2024 07:45:42.7024 (UTC)
x-ms-exchange-organization-expirationstarttimereason OriginalSubmit
x-ms-exchange-organization-messagedirectionality Incoming
x-ms-exchange-organization-network-message-id d5f857f2-aa70-4821-86ed-08dd1049d3b5
x-ms-exchange-organization-scl 1
x-ms-exchange-processed-by-bccfoldering 15.20.8207.007
x-ms-exchange-senderadcheck 1
x-ms-exchange-transport-crosstenantheadersstamped DU0PR10MB6725, CH3PR07MB10627
x-ms-exchange-transport-crosstenantheadersstripped SJ1PEPF000023CC.namprd02.prod.outlook.com
x-ms-exchange-transport-endtoendlatency 00:00:12.9164927
x-ms-has-attach yes
x-ms-office365-filtering-correlation-id d5f857f2-aa70-4821-86ed-08dd1049d3b5
x-ms-office365-filtering-correlation-id-prvs 123ee740-af8f-4a37-dcfe-08dd1049c543
x-ms-publictraffictype Email
x-ms-traffictypediagnostic VI1PR10MB8206:EE_|DU0PR10MB6725:EE_|SJ1PEPF000023CC:EE_|CH3PR07MB10627:EE_|MW4PR07MB8476:EE_
x-oi-exotr b64cf7e6-d6d2-4df7-b0d9-e6ea3ac29859
x-proofpoint-guid WkNG9Tl_ws0NB31jktCqANbSb4KYAe-y
x-proofpoint-orig-guid WkNG9Tl_ws0NB31jktCqANbSb4KYAe-y
x-proofpoint-spam-details rule=notspam policy=default score=0 mlxlogscore=25 malwarescore=0 impostorscore=0 suspectscore=0 spamscore=0 bulkscore=0 adultscore=0 lowpriorityscore=0 mlxscore=0 priorityscore=1501 clxscore=1015 phishscore=0 classifier=scan_limit adjust=0 reason=mlx scancount=1 engine=8.19.0-2411120000 definitions=main-2411290062
x-proofpoint-virus-version vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.60.29 definitions=2024-09-06_09,2024-09-06_01,2024-09-02_01
Content-Type multipart/mixed; boundary="===============4462179075690485943=="

                                                                                                                                                                                                              Icon Hash:46070c0a8e0c67d6
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 29, 2024 19:54:39.746093035 CET | 1.1.1.1 | 192.168.2.16 | 0x3dfa | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2024 19:54:39.746093035 CET | 1.1.1.1 | 192.168.2.16 | 0x3dfa | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.59.34 | A (IP address) | IN (0x0001) | false
Nov 29, 2024 19:54:39.746093035 CET | 1.1.1.1 | 192.168.2.16 | 0x3dfa | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.56.102 | A (IP address) | IN (0x0001) | false
Nov 29, 2024 19:54:39.746093035 CET | 1.1.1.1 | 192.168.2.16 | 0x3dfa | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.56.98 | A (IP address) | IN (0x0001) | false
Nov 29, 2024 19:54:39.746093035 CET | 1.1.1.1 | 192.168.2.16 | 0x3dfa | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 84.201.208.68 | A (IP address) | IN (0x0001) | false
Nov 29, 2024 19:54:39.746093035 CET | 1.1.1.1 | 192.168.2.16 | 0x3dfa | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 84.201.208.99 | A (IP address) | IN (0x0001) | false
Nov 29, 2024 19:54:39.746093035 CET | 1.1.1.1 | 192.168.2.16 | 0x3dfa | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 84.201.211.37 | A (IP address) | IN (0x0001) | false
Nov 29, 2024 19:54:39.746093035 CET | 1.1.1.1 | 192.168.2.16 | 0x3dfa | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 84.201.208.73 | A (IP address) | IN (0x0001) | false
Nov 29, 2024 19:54:39.746093035 CET | 1.1.1.1 | 192.168.2.16 | 0x3dfa | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 84.201.211.40 | A (IP address) | IN (0x0001) | false


Target ID: 0
Start time: 13:54:32
Start date: 29/11/2024
Path: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Wow64 process (32bit): true
Commandline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\FaWdBSmJ.eml"
Imagebase: 0x550000
File size: 34'446'744 bytes
MD5 hash: 91A5292942864110ED734005B7E005C0
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: false

Target ID: 4
Start time: 13:54:36
Start date: 29/11/2024
Path: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "C1D22D1E-2223-4959-B1D2-9DAE0A6D7B93" "B7D5AA36-02E7-4720-ADDA-7D9C0A55A9D9" "4988" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Imagebase: 0x7ff60b110000
File size: 710'048 bytes
MD5 hash: EC652BEDD90E089D9406AFED89A8A8BD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: false

                                                                                                                                                                                                              No disassembly