Windows Analysis Report
PLEASE SIGN THIS DOCUMENT - Reference number(s) 0598190575 DPR.msg

Overview

General Information

Sample name: PLEASE SIGN THIS DOCUMENT - Reference number(s) 0598190575 DPR.msg
Analysis ID: 1579995
MD5: 8ddcfad428194af2b556e180abee5948
SHA1: 14cb748450c81f12da4ca58e741f72dde824b512
SHA256: f204fca4c06dff491c4d66eb653c62277e8a5fd8df1bf01effba2ab77b0da87f
Infos:

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected landing page (webpage, office document or email)
AI detected potential phishing Email
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores large binary data to the registry

Classification

  • System is w10x64
  • OUTLOOK.EXE (PID: 7344 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\PLEASE SIGN THIS DOCUMENT - Reference number(s) 0598190575 DPR.msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 7692 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "FF57892E-3C4E-400D-B386-2DB61E24CD79" "A2BBB590-8CCF-4964-9C59-958443D25D81" "7344" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7344, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched

Phishing

Source: Email; Joe Sandbox AI: Page contains button: 'REVIEW DOCUMENTS' Source: 'Email'
Source: Email; Joe Sandbox AI: Email contains prominent button: 'review documents'
Source: Email; Joe Sandbox AI: Detected potential phishing email: The email uses DocuSign branding but comes from a suspicious sender address 'CBDC Shared Services' which doesn't match legitimate JPMorgan Chase communications. The URL structure and multiple redirects in the 'REVIEW DOCUMENTS' link are suspicious and typical of phishing attempts. The email creates urgency and targets a high-level employee (Bradley Shuster) with a financial/document signing request, which is a common phishing tactic
Source: Email; Classification: Credential Stealer
Source: PLEASE SIGN THIS DOCUMENT - Reference number(s) 0598190575 DPR.msg; String found in binary or memory: https://docucdn-a.akamaihd.net/olive/images/2.62.0/global-assets/email-templates/email-logo.png
Source: PLEASE SIGN THIS DOCUMENT - Reference number(s) 0598190575 DPR.msg, ~WRS{BB816BA7-0101-444D-8331-2DC6880962ED}.tmp.0.dr; String found in binary or memory: https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.docusign.net%2FSigning%2FEmail
Source: PLEASE SIGN THIS DOCUMENT - Reference number(s) 0598190575 DPR.msg, ~WRS{BB816BA7-0101-444D-8331-2DC6880962ED}.tmp.0.dr; String found in binary or memory: https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.jpmorgan.com%2Fcontent%2Fdam%2
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://shell.suite.office.com:1443
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://skyapi.live.net/Activity/
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://staging.cortana.ai
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-dark-1
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-dark-2
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-100
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-150
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-hc-200
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://statics.teams.cdn.office.net/evergreen-assets/illustrations/win32/m365-device-desktop-light-
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://storage.azure.com/
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://store.office.cn/addinstemplate
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://store.office.de/addinstemplate
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://substrate.office.com
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://syncservice.o365syncservice.com/"
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://teams.cloud.microsoft/ups/global/
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://templatesmetadata.office.net/
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://webshell.suite.office.com
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://wus2.contentsync.
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://wus2.pagecontentsync.
Source: 28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: ~WRS{BB816BA7-0101-444D-8331-2DC6880962ED}.tmp.0.dr String found in binary or memory: https://www.docusign.net/Member/Image.aspx?i=logo&l=c798224a-c608-4f3f-948f-19c528b96c86
Source: ~WRS{BB816BA7-0101-444D-8331-2DC6880962ED}.tmp.0.dr String found in binary or memory: https://www.docusign.net/member/Images/email/docInvite-white.png
Source: classification engine Classification label: mal48.winMSG@3/12@0/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241223T1136020282-7344.etl
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\PLEASE SIGN THIS DOCUMENT - Reference number(s) 0598190575 DPR.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "FF57892E-3C4E-400D-B386-2DB61E24CD79" "A2BBB590-8CCF-4964-9C59-958443D25D81" "7344" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Window found: window name: SysTabControl32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 21 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 217.20.58.101 | true | false | | high
                                                                                                          high
                                                                                                          https://www.docusign.net/Member/Image.aspx?i=logo&l=c798224a-c608-4f3f-948f-19c528b96c86~WRS{BB816BA7-0101-444D-8331-2DC6880962ED}.tmp.0.drfalse
                                                                                                            high
                                                                                                            https://globaldisco.crm.dynamics.com28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                              high
                                                                                                              https://messaging.engagement.office.com/28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                high
                                                                                                                https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                  high
                                                                                                                  https://dev0-api.acompli.net/autodetect28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                    high
                                                                                                                    https://www.odwebp.svc.ms28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                      high
                                                                                                                      https://api.diagnosticssdf.office.com/v2/feedback28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                        high
                                                                                                                        https://api.powerbi.com/v1.0/myorg/groups28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                          high
                                                                                                                          https://web.microsoftstream.com/video/28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                            high
                                                                                                                            https://api.addins.store.officeppe.com/addinstemplate28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                              high
                                                                                                                              https://graph.windows.net28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                high
                                                                                                                                https://dataservice.o365filtering.com/28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                  high
                                                                                                                                  https://officesetup.getmicrosoftkey.com28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                    high
                                                                                                                                    https://analysis.windows.net/powerbi/api28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                      high
                                                                                                                                      https://prod-global-autodetect.acompli.net/autodetect28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                        high
                                                                                                                                        https://substrate.office.com28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                          high
                                                                                                                                          https://outlook.office365.com/autodiscover/autodiscover.json28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                            high
                                                                                                                                            https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                              high
                                                                                                                                              https://consent.config.office.com/consentcheckin/v1.0/consents28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                                high
                                                                                                                                                https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                                    high
                                                                                                                                                    https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://notification.m365.svc.cloud.microsoft/PushNotifications.Register28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                                        high
                                                                                                                                                        https://d.docs.live.net28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                                          high
                                                                                                                                                          https://safelinks.protection.outlook.com/api/GetPolicy28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                                            high
                                                                                                                                                            https://ncus.contentsync.28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                                              high
                                                                                                                                                              https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://syncservice.o365syncservice.com/"28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://weather.service.msn.com/data.aspx28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://apis.live.net/v5.0/28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://www.docusign.net/member/Images/email/docInvite-white.png~WRS{BB816BA7-0101-444D-8331-2DC6880962ED}.tmp.0.drfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://officepyservice.office.net/service.functionality28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://templatesmetadata.office.net/28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://messaging.lifecycle.office.com/28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://planner.cloud.microsoft28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://mss.office.com28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://pushchannel.1drv.ms28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://management.azure.com28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://outlook.office365.com28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://wus2.contentsync.28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://incidents.diagnostics.office.com28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://clients.config.office.net/user/v1.0/ios28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://make.powerautomate.com28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://api.addins.omex.office.net/api/addins/search28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://insertmedia.bing.office.net/odc/insertmedia28C48C1F-8D1B-4B14-B3D5-E29C023A4B00.0.drfalse
                                                                                                                                                                                                            high
No contacted IP infos
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579995
Start date and time: 2024-12-23 17:34:55 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 41s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: PLEASE SIGN THIS DOCUMENT - Reference number(s) 0598190575 DPR.msg
Detection: MAL
Classification: mal48.winMSG@3/12@0/0
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .msg
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 52.109.76.240, 52.109.76.243, 52.113.194.132, 52.109.32.38, 52.109.32.46, 52.109.32.47, 52.109.32.39, 20.189.173.3, 172.202.163.200, 13.107.246.63, 20.190.159.68
• Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, eur.roaming1.live.com.akadns.net, neu-azsc-000.roaming.officeapps.live.com, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, login.live.com, officeclient.microsoft.com, wu-b-net.trafficmanager.net, ecs.office.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, onedscolprdwus02.westus.cloudapp.azure.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, prod1.naturallanguageeditorservice.osi.office.net.akadns.net, neu-azsc-config.officeapps.live.com, nleditor.osi.office.net, prod-eu-resolver.naturallanguageeditorservice.osi.office.net.akadns.net, s-0005.s-msedge.net, config.officeapps.live.com, osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net, mobile.events.data.trafficmanager.net
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• VT rate limit hit for: PLEASE SIGN THIS DOCUMENT - Reference number(s) 0598190575 DPR.msg
No simulations
No context
Match: default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com

Associated Sample Name / URL | Detection | Threat Name | Context
lKin1m7Pf2.lnk | malicious | Unknown | 217.20.58.99
fKdiT1D1dk.exe | malicious | RHADAMANTHYS | 217.20.58.100
uDTW3VjJJT.exe | malicious | LummaC, Stealc | 217.20.58.99
data.exe | malicious | Unknown | 217.20.58.99
4hSuRTwnWJ.dll | malicious | Unknown | 217.20.58.100
YinLHGpoX4.vbs | malicious | GuLoader, RHADAMANTHYS | 217.20.58.99
gCXzb0K8Ci.ps1 | malicious | Unknown | 217.20.58.99
H2PspQWoHE.ps1 | malicious | Unknown | 84.201.212.68
H6epOhxoPY.ps1 | malicious | Unknown | 217.20.58.100
KcKtHBkskI.ps1 | malicious | Unknown | 217.20.58.100
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):231348
                                                                                                                                                                                                            Entropy (8bit):4.380977939782247
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:vDYLbhgsIVwOtnVRDgs3vNcAz79ysQqt2j/qmqoQporcm0FvG7dyxsu9l+B+U/33:cNgnFPgsmiGu2HqoQ2rt0Fv9fKLQ0sDy
                                                                                                                                                                                                            MD5:3F9F9B579269406ED6A0CB7948341B23
                                                                                                                                                                                                            SHA1:4119FDBB8043C471164E541DD64B78B0B402078C
                                                                                                                                                                                                            SHA-256:41BC304847C292F2C49C3D704BFFF309C0113793BC75724A03D891568E3BD630
                                                                                                                                                                                                            SHA-512:758A48416E61E2713A6E34549083C01A9630EB85FD7424970304A5BE273D255A558B3722A093E7D376A4CDB840FC5C4D3009DA123F32150F4B4BCCB4651570B5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):183024
                                                                                                                                                                                                            Entropy (8bit):5.29375017711089
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:trVwfRAqpbH4wglEpLe7HWKQjj/o/NMOcAZl1p5ihs7EXXbEADwaKBIa5YdGVF8M:F8e7HWKQjj/o/aXotTB
                                                                                                                                                                                                            MD5:12A985706592DB212594780E86B7FA33
                                                                                                                                                                                                            SHA1:DD8C6CBF6551924BFFF4E45DE8402291BAE874FD
                                                                                                                                                                                                            SHA-256:633410190E0C67E706180425BAC17D1A7BEA7C31634C05F80380F9CBA5E59398
                                                                                                                                                                                                            SHA-512:09846B747C5A23F8BD96BE5913708BCB0D0D0AA4C07C8F58AEE3BE471DB41956AA96A40EC7AB7FFBA8AD98EAFA63F8EA7D41EE8B5ED205285D4D5EE1391FDD7E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-12-23T16:36:06">.. Build: 16.0.18406.40129-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results?fullframe=yes</o:url>.. <o:ticket o:policy="DELEGATION" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Bearer {}" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[MAX.Resourc
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                            Entropy (8bit):0.04513718943963721
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:GtlxtjlFebaFe/0lxtjlFebaFe/jjR9//8l1lvlll1lllwlvlllglbelDbllAlla:GtlebaFe/0lebaFe/Z9X01PH4l942wU
                                                                                                                                                                                                            MD5:B7220CBD466E591897D056CE3A68D0F9
                                                                                                                                                                                                            SHA1:6EF3DBCD3BA94912465255776904CFF4EEF92A11
                                                                                                                                                                                                            SHA-256:E6EE1EA4F48402B1EE3FA5400C319526451669DAD4B7F81A08D650F118CA65DD
                                                                                                                                                                                                            SHA-512:0397F9F2D7DAD7343E0D5CE3A9B509FEBF54FF05B90FB1E7494504660C07B12D8B088EFBBA382E18EDB23D5A7D563A1E9B61D0B5B194BF193AED57FD55EE3A9A
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                            Size (bytes):49472
                                                                                                                                                                                                            Entropy (8bit):0.47862086709175994
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:WB2+TQ1QQ+R8BUll7DYM/yzO8VFDYMnBO8VFDYML:WQDK/zll4gSjVGCjVGC
                                                                                                                                                                                                            MD5:8BCC7DC155566E5587DB6D832CAC98DC
                                                                                                                                                                                                            SHA1:99F7E5F46DDFBB8506B7004B40CF151572AECDC3
                                                                                                                                                                                                            SHA-256:01A985570A05E03602D245DDA8A2FDAB6E6F562CEE39EA9748137F7C06381282
                                                                                                                                                                                                            SHA-512:E4747244554C55B85ED92F408597E21CC68667B81051B979022562FD0089DEADD26BE0F3FC6E20F268767BA1ACEDCB8457C67FD8E2852C3F03F3CC597FF8C0D1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):9196
                                                                                                                                                                                                            Entropy (8bit):3.962747111992782
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:iGGcd6zUMzxlplkgQ+CRgj+pjyb2mfM1K3MnvKQNFpzyb2manY:iLzU4xlplkGXqmfStTAqmt
                                                                                                                                                                                                            MD5:B73B10B8DB84F0BD74554500177337FF
                                                                                                                                                                                                            SHA1:170536CFDA17257F04D2927E6B366DF793348606
                                                                                                                                                                                                            SHA-256:7FEBB6327E4290BFC56008562DE6B904F1EF5795D3F204F095ED68BE4A72B6E6
                                                                                                                                                                                                            SHA-512:3CF43AFD2ADE1B12538E510D5CE7FA37D828BA9BD2B621A5324CB971824FF15766F172036D0C92017FB77852E1DFE0477304DD60A8469E3263E31FB3E648E58F
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Reputation:low
Preview:CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:ASCII text, with very long lines (28774), with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):20971520
                                                                                                                                                                                                            Entropy (8bit):0.17737151475268606
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:dWnDNzxEk9BNxHzEnLcTVOCJFlyPnTJkIpe3AgT5o1OXKCnjjLC4/Kr/WddjmnTB:uzp4CJirTcAgT5o1OXKCnjjLC4/5A
                                                                                                                                                                                                            MD5:505B3038C6DF96B944D2D2AF88EF2F29
                                                                                                                                                                                                            SHA1:2325D3CE401F467F7213120F7971E402EAC8E742
                                                                                                                                                                                                            SHA-256:DD0745C5EACDCBE598909913186DCF45AE421AA97F7C646816F5589FDECAC164
                                                                                                                                                                                                            SHA-512:5E3BB66547468CECA6190B62E5EC4F2AC167C5A4A3D5EBC6E21A15E4E96B4FAC658E2E7BE20456D24380BD6908D67D90BE399B4F8E1EDF62FBAA672079891F49
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..12/23/2024 16:36:02.704.OUTLOOK (0x1CB0).0x1CB4.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":22,"Time":"2024-12-23T16:36:02.704Z","Contract":"Office.System.Activity","Activity.CV":"CJlEAp+DpEKppT0hHpJSoA.4.9","Activity.Duration":14,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...12/23/2024 16:36:02.735.OUTLOOK (0x1CB0).0x1CB4.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":24,"Time":"2024-12-23T16:36:02.735Z","Contract":"Office.System.Activity","Activity.CV":"CJlEAp+DpEKppT0hHpJSoA.4.10","Activity.Duration":14120,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorV
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):20971520
                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                            MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                                                                                                                                                                                            SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                                                                                                                                                                                            SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                                                                                                                                                                                            SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Reputation:high, very likely benign file
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):102400
                                                                                                                                                                                                            Entropy (8bit):4.548828910530307
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:zudPGt7E9aVpeF4kOqk7PbiQ96bju/RyXaoxEyWaW75QkrIrF8WzWH:64Ak7PbiQ96nupyXKGtR4
                                                                                                                                                                                                            MD5:09A8DB44DDB50F317AC6C19512B5C2C6
                                                                                                                                                                                                            SHA1:C430B1F5C7CC6CAD30ADE2AAFD3F18E965CA9B74
                                                                                                                                                                                                            SHA-256:954D13C3EBDDFF7ED9AB248CE11A2D4B5AFFA205AA19C7966D97481A7164EA82
                                                                                                                                                                                                            SHA-512:ADE9A973CC17DDFFBFBDFE02576B708C9DA3FFC16225C57F7B1CC5F502B4C2EA3319F89094D7908069D99D7D239E743E9AB2E781E98D19A8E3F705A47E01981C
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:............................................................................b...........@+..XU..................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................`uq1............@+..XU..........v.2._.O.U.T.L.O.O.K.:.1.c.b.0.:.1.5.0.4.1.6.2.e.8.7.2.1.4.f.f.d.a.b.6.0.9.c.4.9.6.3.c.8.2.d.1.8...C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.2.2.3.T.1.1.3.6.0.2.0.2.8.2.-.7.3.4.4...e.t.l.............P.P.........@+..XU..................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):163840
                                                                                                                                                                                                            Entropy (8bit):0.3830645754593154
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:+Ufs/dx5MloVShiCbCVsxG/YLwi1hNgz0XHWQOGIAbAFAqwNh/:+UfkdcoQhtmmxqi10z0XHOGIMu
                                                                                                                                                                                                            MD5:2CEFD8579FB38F6E26105CCD75DE0AA0
                                                                                                                                                                                                            SHA1:E4BD8AB247C0C968669190D2A50CA37703CFE801
                                                                                                                                                                                                            SHA-256:351E6B39A4C43A31B324BEF5EEE2609D860F0E76BEAFB1C72478C78EAF7840F5
                                                                                                                                                                                                            SHA-512:9BC9251F7802D4DFF1BC9CFB015AF19698A128D85FC5284BD59E7F4793A716B7D09F3672C2303C951522EBC08F0DFE8CBC048F87B93A919D2F771CF39589BAD6
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):30
                                                                                                                                                                                                            Entropy (8bit):1.2389205950315936
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:+wnlh/t:+Slh
                                                                                                                                                                                                            MD5:D89C870ED8A5B647407558018CBD6D42
                                                                                                                                                                                                            SHA1:139FF0F1B6E40A905CB7DD8D2B9C7B9C21C5038E
                                                                                                                                                                                                            SHA-256:DEC8F9115C26F147D8B0316E5BB2D3FD810E763DF2879E31B29AE748311255C9
                                                                                                                                                                                                            SHA-512:A187D2BD9FF5865C8B71689193AE0EA0A25762278931BCDCC0F257AE3621ECED75424E530B05D47C0BC822F7D368373F3F2EAD3C3086C89079F0DC65229E82BD
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:Microsoft Outlook email folder (>=2003)
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):271360
                                                                                                                                                                                                            Entropy (8bit):1.290027676803245
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:ImQcvvYfUkg1fjeNX6uBwW6cZ2BfXWC7xODGGp8BUTIZ:1QfQrJaweZsfmC4LeNZ
                                                                                                                                                                                                            MD5:EE0844B151029365475BB1D03E395D37
                                                                                                                                                                                                            SHA1:FA5F3320DF5784287EB0E0BD0F7D3E72796A986C
                                                                                                                                                                                                            SHA-256:785B9769B5FC5A13550B9EE6D9C88CA35B73BF1EDBD692ED600EEF1D7A7292D6
                                                                                                                                                                                                            SHA-512:EC737723DB91C25D71B8027D93A09A0967B2CBDA95517F32BCB327C7799979C6D980DD055D71A3D97EA5C5B6257ED3EA0EAF608246F995E30FEDB9B8EC6082F4
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Preview:!BDN..:.SM......\........,......J.......W................@...........@...@...................................@...........................................................................$.......D.......$..............F...............I...................................................................................................................................................................................................................................................................................................L. .h[l.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):131072
                                                                                                                                                                                                            Entropy (8bit):1.2342798735290101
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:rzwDR5G0yO4riTaqxSME47yXpS4MYznAtxTqxmC/9GN0FMWnLo1Ro4P:U2BfidcH5jETWGuj8x
                                                                                                                                                                                                            MD5:B1144F47763C60C6D17BE1682BAB4B86
                                                                                                                                                                                                            SHA1:9D5D5302EA76E9BA13AB48C9CEE92519A0E0C744
                                                                                                                                                                                                            SHA-256:8A2C7599FFC0B0C2A1F2BC1768FC5018BC84C67D276527D5ACAAC20A2A2AAF9B
                                                                                                                                                                                                            SHA-512:8D3A5E7F8431445245ACE431B2B07EC2FC42094BE42158D9C59E8EBB81B84E8AEE2EB67308449397A39342A0FF48857A7B6683834718780E1443B83028EE7403
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Preview:....C...g...........w.P.XU....................#.!BDN..:.SM......\........,......J.......W................@...........@...@...................................@...........................................................................$.......D.......$..............F...............I...................................................................................................................................................................................................................................................................................................L. .h[l.w.P.XU....................#.............................................0...............................................p............f.......................W.......................$..............................................................$........X......8...0...d........^..........0)..h...............8....)..l...................p*..p........d...........+..t........H...........+..|.......@.......n....,..|.......
                                                                                                                                                                                                            File type:CDFV2 Microsoft Outlook Message
                                                                                                                                                                                                            Entropy (8bit):4.252827065837441
                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                            • Outlook Message (71009/1) 58.92%
                                                                                                                                                                                                            • Outlook Form Template (41509/1) 34.44%
                                                                                                                                                                                                            • Generic OLE2 / Multistream Compound File (8008/1) 6.64%
                                                                                                                                                                                                            File name:PLEASE SIGN THIS DOCUMENT - Reference number(s) 0598190575 DPR.msg
                                                                                                                                                                                                            File size:60'928 bytes
                                                                                                                                                                                                            MD5:8ddcfad428194af2b556e180abee5948
                                                                                                                                                                                                            SHA1:14cb748450c81f12da4ca58e741f72dde824b512
                                                                                                                                                                                                            SHA256:f204fca4c06dff491c4d66eb653c62277e8a5fd8df1bf01effba2ab77b0da87f
                                                                                                                                                                                                            SHA512:987c0846ac672e625d6db43a7a27d0bbe03952a75f993479cd66a28b23207692300a92c556acc231ec9b245d431cbec66bee58a8726c49307cece4b0e008ecc2
                                                                                                                                                                                                            SSDEEP:768:gxQ9kySpNRPMVTpP62oNJcSyUrk6s1iTPqEhDNBKLNyCcacTk/ZohSDK8OKX1b:tyNeTpP6FcSySk6sATPjCcacTkRokB1
                                                                                                                                                                                                            TLSH:6353C2252AF90215F2B7DF3549F650939936BC92AD25DE4E21C1330E09B2E41EDA1F3B
                                                                                                                                                                                                            Subject:PLEASE SIGN THIS DOCUMENT - Reference number(s) 0598190575 [DPR]
                                                                                                                                                                                                            From:CBDC Shared Services via Docusign <dse@docusign.net>
                                                                                                                                                                                                            To:Brad Shuster <brad.shuster@nationalmi.com>
                                                                                                                                                                                                            Cc:
                                                                                                                                                                                                            BCC:
                                                                                                                                                                                                            Date:Fri, 20 Dec 2024 20:46:06 +0100
                                                                                                                                                                                                            Communications:
                                                                                                                                                                                                            • CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. <https://www.docusign.net/Member/Image.aspx?i=logo&l=c798224a-c608-4f3f-948f-19c528b96c86> <https://www.docusign.net/member/Images/email/docInvite-white.png> JPMorgan Chase sent you a document to review and sign. REVIEW DOCUMENTS <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.docusign.net%2FSigning%2FEmailStart.aspx%3Fa%3Da1004102-5eef-4fb0-88eb-b68bc125b19a%26etti%3D24%26acct%3D2dc2d908-b888-4583-81ee-392ace4d4294%26er%3D448cac87-eeae-44d6-ae33-062b959113c5&data=05%7C02%7Cbrad.shuster%40nationalmi.com%7Cdb9be1dc3a974b5a83aa08dd21303398%7C00ba92ebb0004ac1aa36470e8b3a6a63%7C0%7C0%7C638703213612115877%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C4000%7C%7C%7C&sdata=s1yX59DfzeScAsMVe6S3dhonNBgKgfSEQ3HtgLGJsaI%3D&reserved=0> Hello BRADLEY M. SHUSTER, Thank you for choosing JPMorgan Chase for your banking needs. This message confirms a request was recently received for your company. The documents are ready for you to review, complete and sign. To view these documents, please click REVIEW DOCUMENT(S). Your clicking REVIEW DOCUMENT(S) will take you to a JPMorgan Chase website. 
Your use of that website is governed by the Commercial Banking E-Sign Service Terms <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.jpmorgan.com%2Fcontent%2Fdam%2Fjpm%2Fcommercial-banking%2Fdocuments%2Ftreasury%2F562300_CB-DocuSign_E-Sign-ServiceTerms-April%25202019-FINAL-ADA.pdf&data=05%7C02%7Cbrad.shuster%40nationalmi.com%7Cdb9be1dc3a974b5a83aa08dd21303398%7C00ba92ebb0004ac1aa36470e8b3a6a63%7C0%7C0%7C638703213612137091%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C4000%7C%7C%7C&sdata=s9MqQ9KlmA8ygER6iNt60NbqIxueiG3CHb%2BQZ8Pd8GY%3D&reserved=0> . Your use of that website to e-sign any document will constitute your acceptance of those service terms. Thank You, JPMorgan Chase Powered by <https://docucdn-a.akamaihd.net/olive/images/2.62.0/global-assets/email-templates/email-logo.png> Do Not Share This Email This email contains a secure link to DocuSign. Please do not share this email, link, or access code with others. Alternate Signing Method Visit DocuSign.com, click 'Access Documents', and enter the security code: A10041025EEF4FB088EBB68BC125B19A1 J.P. Morgan and Chase are marketing names for certain businesses of JPMC and its subsidiaries worldwide. Bank products and services are offered through JPMorgan Chase Bank, N.A. Member FDIC.
                                                                                                                                                                                                            Attachments:
Key: Value
Received: from docusign.net ([127.0.0.1]) by SE101FE91.corp.docusign.net
  (2603:10b6:303:b7::33) with Microsoft SMTP Server (version=TLS1_3,
  HTTPS; Fri, 20 Dec 2024 19:56:01 +0000
  Dec 2024 19:55:07 +0000
  Fri, 20 Dec 2024 19:46:06 +0000 (UTC)
  15.20.8251.15 via Frontend Transport; Fri, 20 Dec 2024 19:55:06 +0000
  Fri, 20 Dec 2024 11:55:02 -0800
  with Microsoft SMTPSVC(10.0.17763.1697); Fri, 20 Dec 2024 11:46:06 -0800
Arc-Seal: i=1; s=201903; d=dkim.mimecast.com; t=1734724505; a=rsa-sha256;
Arc-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
  h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
  h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date:
  message-id:message-id:to:to:cc:mime-version:mime-version:
  content-type:content-type:dkim-signature;
Arc-Authentication-Results: i=1; relay.mimecast.com; dkim=pass
  (policy=reject) header.from=docusign.net; spf=pass (relay.mimecast.com: domain of dse@docusign.net designates 64.207.219.72 as permitted sender)
Authentication-Results: spf=fail (sender IP is 170.10.152.241)
Received-Spf: Fail (protection.outlook.com: domain of docusign.net does not
Authentication-Results-Original: relay.mimecast.com; dkim=pass
X-Mc-Unique: Y7kSNcNUPx-oPZ015GivFA-1
X-Mimecast-Mfc-Agg-Id: Y7kSNcNUPx-oPZ015GivFA
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=docusign.net;
  h=Reply-To:Feedback-ID:From:To:Date:Subject;
Sender: DocuSign System <dse@docusign.net>
Reply-To: FRC_CB_Documentation <frc.cb.documentation@jpmorgan.com>
Recipient-Id: 448cac87-eeae-44d6-ae33-062b959113c5
X-Debug: False
X-Email-Rejection-Mode: LearningMode
X-Api-Host: na1.docusign.net
Site-Id: 1
X-Bounceemailversion: 1
Feedback-Id: 0:bbc83e01d0df0e68656cb5a934bd676a:EnvelopeActivation:Docusign_Prod
X-Ds-Score: 0
From: CBDC Shared Services via Docusign <dse@docusign.net>
To: Brad Shuster <brad.shuster@nationalmi.com>
Message-Id: <a1cd9c0c7071401aa280813bdfdd7948@docusign.net>
Date: Fri, 20 Dec 2024 11:46:06 -0800
Subject: =?UTF-8?B?UExFQVNFIFNJR04gVEhJUyBET0NVTUVOVCAtIFJlZmVyZW5jZSBu?=
MIME-Version: 1.0
X-Originalarrivaltime: 20 Dec 2024 19:46:06.0167 (UTC)
  FILETIME=[CF1C8E70:01DB5317]
X-Mimecast-Spam-Score: -100
X-Mimecast-Mfc-Proc-Id: UjhZmgIjRTcwZ8VIngfIu_4l0H85RilwvW8cCgVVa8Y_1734724501
Content-Type: multipart/mixed;
Return-Path: dse@docusign.net
X-Ms-Exchange-Organization-Expirationstarttime: 20 Dec 2024 19:55:06.4258
X-Ms-Exchange-Organization-Expirationstarttimereason: OriginalSubmit
X-Ms-Exchange-Organization-Expirationinterval: 1:00:00:00.0000000
X-Ms-Exchange-Organization-Expirationintervalreason: OriginalSubmit
X-Ms-Exchange-Organization-Network-Message-Id: db9be1dc-3a97-4b5a-83aa-08dd21303398
X-Eopattributedmessage: 0
X-Eoptenantattributedmessage: 00ba92eb-b000-4ac1-aa36-470e8b3a6a63:0
X-Ms-Exchange-Organization-Messagedirectionality: Incoming
X-Ms-Publictraffictype: Email
X-Ms-Traffictypediagnostic: SJ5PEPF000001D1:EE_|DM6PR17MB3884:EE_|SJ0PR17MB5023:EE_
X-Ms-Exchange-Organization-Authsource: SJ5PEPF000001D1.namprd05.prod.outlook.com
X-Ms-Exchange-Organization-Authas: Anonymous
X-Ms-Office365-Filtering-Correlation-Id: db9be1dc-3a97-4b5a-83aa-08dd21303398
X-Ms-Exchange-Atpmessageproperties: SA|SL|HVE
Msip_labels: MSIP_Label_5eb92aab-0d78-4ab5-9e11-340a5b254389_Enabled=True;MSIP_Label_5eb92aab-0d78-4ab5-9e11-340a5b254389_SiteId=00ba92eb-b000-4ac1-aa36-470e8b3a6a63;MSIP_Label_5eb92aab-0d78-4ab5-9e11-340a5b254389_SetDate=2024-12-20T19:55:12.3226402Z;MSIP_Label_5eb92aab-0d78-4ab5-9e11-340a5b254389_Name=5eb92aab-0d78-4ab5-9e11-340a5b254389;MSIP_Label_5eb92aab-0d78-4ab5-9e11-340a5b254389_ContentBits=0;MSIP_Label_5eb92aab-0d78-4ab5-9e11-340a5b254389_Method=Standard;
X-Ms-Exchange-Organization-Scl: -1
X-Microsoft-Antispam: BCL:4;ARA:13230040|240411011799012|69100299015|5082899009|6062899009|35002699018|31092699021|4092899012|5062899012|3092899012|3072899012|13102899012|13012899012|12012899012|2092899012|4076899003|8096899003|5023399003;
X-Forefront-Antispam-Report: CIP:170.10.152.241;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:CAL;SFV:SKN;H:usb-smtp-inbound-delivery-1.mimecast.com;PTR:usb-smtp-delivery-1.mimecast.com;CAT:NONE;SFS:(13230040)(240411011799012)(69100299015)(5082899009)(6062899009)(35002699018)(31092699021)(4092899012)(5062899012)(3092899012)(3072899012)(13102899012)(13012899012)(12012899012)(2092899012)(4076899003)(8096899003)(5023399003);DIR:INB;
X-Ms-Exchange-Crosstenant-Originalarrivaltime: 20 Dec 2024 19:55:06.3320
X-Ms-Exchange-Crosstenant-Network-Message-Id: db9be1dc-3a97-4b5a-83aa-08dd21303398
X-Ms-Exchange-Crosstenant-Id: 00ba92eb-b000-4ac1-aa36-470e8b3a6a63
X-Ms-Exchange-Crosstenant-Authsource: SJ5PEPF000001D1.namprd05.prod.outlook.com
X-Ms-Exchange-Crosstenant-Authas: Anonymous
X-Ms-Exchange-Crosstenant-Fromentityheader: Internet
X-Ms-Exchange-Transport-Crosstenantheadersstamped: DM6PR17MB3884
X-Ms-Exchange-Transport-Endtoendlatency: 00:00:54.7274091
X-Ms-Exchange-Processed-By-Bccfoldering: 15.20.8272.000
X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420198);
X-Microsoft-Antispam-Message-Info:
Content-Transfer-Encoding: 7bit
date: Fri, 20 Dec 2024 20:46:06 +0100

                                                                                                                                                                                                              Icon Hash:c4e1928eacb280a2
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 23, 2024 17:35:52.122458935 CET | 1.1.1.1 | 192.168.2.4 | 0xae73 | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 23, 2024 17:35:52.122458935 CET | 1.1.1.1 | 192.168.2.4 | 0xae73 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.58.101 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 17:35:52.122458935 CET | 1.1.1.1 | 192.168.2.4 | 0xae73 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.58.99 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 17:35:52.122458935 CET | 1.1.1.1 | 192.168.2.4 | 0xae73 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.58.100 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 17:35:52.122458935 CET | 1.1.1.1 | 192.168.2.4 | 0xae73 | No error (0) | default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.58.98 | A (IP address) | IN (0x0001) | false


Target ID:0
Start time:11:35:57
Start date:23/12/2024
Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\PLEASE SIGN THIS DOCUMENT - Reference number(s) 0598190575 DPR.msg"
Imagebase:0xf30000
File size:34'446'744 bytes
MD5 hash:91A5292942864110ED734005B7E005C0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:2
Start time:11:36:04
Start date:23/12/2024
Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "FF57892E-3C4E-400D-B386-2DB61E24CD79" "A2BBB590-8CCF-4964-9C59-958443D25D81" "7344" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Imagebase:0x7ff6dad20000
File size:710'048 bytes
MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

No disassembly