Windows Analysis Report
Undeliverable_ Not read_ Who is the best point of contact_.eml

Overview

General Information

Sample name: Undeliverable_ Not read_ Who is the best point of contact_.eml
Analysis ID: 1500771
MD5: 9eee92551fbaf5e34fee9c860d2c549e
SHA1: 71db28abbf3a12ba0c82cf5587b647f96d4c3d9a
SHA256: 755d7f153efac914d7570aa77f66369c495430ff5e002971311111f8483d27d2

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification

Classification

  • System is w10x64
  • OUTLOOK.EXE (PID: 7524 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Undeliverable_ Not read_ Who is the best point of contact_.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 7912 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6EDD125C-B569-4098-A1CB-466123FEB808" "478F60CF-2EAC-4C79-88CF-7F6F173E0024" "7524" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7524, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched

There are no malicious signatures.

Source: Undeliverable_ Not read_ Who is the best point of contact_.eml, ~WRS{23F01644-69A8-4AAC-8A28-C5B7FE62844B}.tmp.0.drString found in binary or memory: https://url.usb.m.mimecastprotect.com/s/DH2dCM7VMBsXG5rLc3boVo?domain=maxpr01ca0102.indprd01.prod.ou
Source: ~WRS{23F01644-69A8-4AAC-8A28-C5B7FE62844B}.tmp.0.drString found in binary or memory: https://url.usb.m.mimecastprotect.com/s/DhdsCN76N1s71NWQIpeCrZ?domain=170.10.153.101
Source: Undeliverable_ Not read_ Who is the best point of contact_.eml, ~WRS{23F01644-69A8-4AAC-8A28-C5B7FE62844B}.tmp.0.drString found in binary or memory: https://url.usb.m.mimecastprotect.com/s/EeEwCOJ0O9inoA8gcNcC7g?domain=protection.outlook.com
Source: ~WRS{23F01644-69A8-4AAC-8A28-C5B7FE62844B}.tmp.0.drString found in binary or memory: https://url.usb.m.mimecastprotect.com/s/FCuZCEKVAQsLKW7ziyQrAx?domain=relay.mimecast.com
Source: ~WRS{23F01644-69A8-4AAC-8A28-C5B7FE62844B}.tmp.0.drString found in binary or memory: https://url.usb.m.mimecastprotect.com/s/L5UZCB1YxEtj3VGkHvEh-M?domain=dm6pr04mb6425.namprd04.prod.ou
Source: Undeliverable_ Not read_ Who is the best point of contact_.eml, ~WRS{23F01644-69A8-4AAC-8A28-C5B7FE62844B}.tmp.0.drString found in binary or memory: https://url.usb.m.mimecastprotect.com/s/Q81mCR8VRBtE8r6pIjWX5d?domain=104.47.57.169
Source: ~WRS{23F01644-69A8-4AAC-8A28-C5B7FE62844B}.tmp.0.drString found in binary or memory: https://url.usb.m.mimecastprotect.com/s/SwoBCDwVzETqQB9WhB_Zq8?domain=nam11-dm6-obe.outbound.protect
Source: ~WRS{23F01644-69A8-4AAC-8A28-C5B7FE62844B}.tmp.0.drString found in binary or memory: https://url.usb.m.mimecastprotect.com/s/V5dPCzqwRlu6vR1yfoNpM0?domain=sezpr02mb6745.apcprd02.prod.ou
Source: ~WRS{23F01644-69A8-4AAC-8A28-C5B7FE62844B}.tmp.0.drString found in binary or memory: https://url.usb.m.mimecastprotect.com/s/X-hXCP6VPJCWq4w2u8oq9h?domain=sdbmail.com
Source: ~WRS{23F01644-69A8-4AAC-8A28-C5B7FE62844B}.tmp.0.drString found in binary or memory: https://url.usb.m.mimecastprotect.com/s/ZV4QCLAVLBIK5PWgTkuKer?domain=maxpr01ca0102.outlook.office36
Source: ~WRS{23F01644-69A8-4AAC-8A28-C5B7FE62844B}.tmp.0.drString found in binary or memory: https://url.usb.m.mimecastprotect.com/s/iLmYCGwVDKTkoJ7PcWUj7D?domain=usb-smtp-delivery-101.mimecast
Source: Undeliverable_ Not read_ Who is the best point of contact_.eml, ~WRS{23F01644-69A8-4AAC-8A28-C5B7FE62844B}.tmp.0.drString found in binary or memory: https://url.usb.m.mimecastprotect.com/s/oRD_CwnqOgiKXLj4TqsaZf?domain=pbianalytics.in
Source: Undeliverable_ Not read_ Who is the best point of contact_.eml, ~WRS{23F01644-69A8-4AAC-8A28-C5B7FE62844B}.tmp.0.drString found in binary or memory: https://url.usb.m.mimecastprotect.com/s/psMlCQA8QLIOm6QKIwC15P?domain=mail-dm6nam11lp2169.outbound.p
Source: ~WRS{23F01644-69A8-4AAC-8A28-C5B7FE62844B}.tmp.0.drString found in binary or memory: https://url.usb.m.mimecastprotect.com/s/uaciCA8YwOt4M9QPTMSaMo?domain=bn7pr04mb3907.namprd04.prod.ou
Source: ~WRS{23F01644-69A8-4AAC-8A28-C5B7FE62844B}.tmp.0.drString found in binary or memory: https://url.usb.m.mimecastprotect.com/s/ukhZCJE9JXfZP8J2in4geH?domain=ma1pepf00007264.mail.protectio
Source: ~WRS{23F01644-69A8-4AAC-8A28-C5B7FE62844B}.tmp.0.drString found in binary or memory: https://url.usb.m.mimecastprotect.com/s/y-NCCKAV0EIO0qoYIr4s9b?domain=ma1pepf00007264.indprd01.prod.
Source: E3FE9D15-686C-4E93-8588-C1F661D0DE29.0.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: E3FE9D15-686C-4E93-8588-C1F661D0DE29.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: E3FE9D15-686C-4E93-8588-C1F661D0DE29.0.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: E3FE9D15-686C-4E93-8588-C1F661D0DE29.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: E3FE9D15-686C-4E93-8588-C1F661D0DE29.0.drString found in binary or memory: https://webshell.suite.office.com
Source: E3FE9D15-686C-4E93-8588-C1F661D0DE29.0.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: E3FE9D15-686C-4E93-8588-C1F661D0DE29.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: E3FE9D15-686C-4E93-8588-C1F661D0DE29.0.drString found in binary or memory: https://wus2.contentsync.
Source: E3FE9D15-686C-4E93-8588-C1F661D0DE29.0.drString found in binary or memory: https://wus2.pagecontentsync.
Source: E3FE9D15-686C-4E93-8588-C1F661D0DE29.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: E3FE9D15-686C-4E93-8588-C1F661D0DE29.0.drString found in binary or memory: https://www.odwebp.svc.ms
Source: E3FE9D15-686C-4E93-8588-C1F661D0DE29.0.drString found in binary or memory: https://www.yammer.com
Source: classification engine; Classification label: clean1.winEML@3/21@0/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240828T1611400414-7524.etl
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File read: C:\Users\desktop.ini
Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Undeliverable_ Not read_ Who is the best point of contact_.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6EDD125C-B569-4098-A1CB-466123FEB808" "478F60CF-2EAC-4C79-88CF-7F6F173E0024" "7524" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Window found: window name: SysTabControl32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 13 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Behavior Graph ID: 1500771; Sample: Undeliverable_ Not read_ Wh...; Startdate: 28/08/2024; Architecture: WINDOWS; Score: 1. Process tree: OUTLOOK.EXE started ai.exe.

No Antivirus matches
No contacted domains info
NameSourceMaliciousAntivirus DetectionReputation
No contacted IP infos
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1500771
Start date and time: 2024-08-28 22:10:38 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 25s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Undeliverable_ Not read_ Who is the best point of contact_.eml
Detection: CLEAN
Classification: clean1.winEML@3/21@0/0
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .eml
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
  • Excluded IPs from analysis (whitelisted): 52.109.28.46, 52.113.194.132, 52.109.28.47, 23.33.90.70, 23.33.90.83, 13.89.179.10
  • Excluded domains from analysis (whitelisted): omex.cdn.office.net, slscr.update.microsoft.com, onedscolprdcus12.centralus.cloudapp.azure.com, eur.roaming1.live.com.akadns.net, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, ocsp.digicert.com, login.live.com, officeclient.microsoft.com, a1864.dscd.akamai.net, ecs.office.com, prod.configsvc1.live.com.akadns.net, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com, uks-azsc-000.roaming.officeapps.live.com, s-0005.s-msedge.net, config.officeapps.live.com, ecs.office.trafficmanager.net, omex.cdn.office.net.akamaized.net, europe.configsvc1.live.com.akadns.net, mobile.events.data.trafficmanager.net, uks-azsc-config.officeapps.live.com
  • Not all processes were analyzed, report is missing behavior information
  • Report size getting too big, too many NtQueryAttributesFile calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtReadVirtualMemory calls found.
  • VT rate limit hit for: Undeliverable_ Not read_ Who is the best point of contact_.eml
No simulations
Input | Output
URL: Email Model: jbxai
{
"brand":["unknown"],
"contains_trigger_text":false,
"prominent_button_name":"unknown",
"text_input_field_labels":["unknown"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}
No context
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):231348
Entropy (8bit):4.392006214036515
Encrypted:false
SSDEEP:1536:kEYLEOgs3Tfks+oFagscBNcAz79ysQqt2kNFhqoQ0frcm0FvEVcyphOKNtthV/lj:apgxVbgPmiGu2aqoQ0rt0Fvu64haLQKS
MD5:A226FB0478C945658785F3D9DFA52B8F
SHA1:F46FF36885A8E74D8862BDE6239B9DECE21B643A
SHA-256:8991CEF5405B8E61DD2FA7B29E90F7F3D3CA87C07A9F734759965974C15D641A
SHA-512:1409A301E9C967A8A5AAFAA599581525531DAD39F0FD54478D9052FBF02D85F1C59BD8DA90512C73125FE257128080E1486080790B8434AF1E1EE2F09A78F72F
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:ASCII text, with very long lines (65536), with no line terminators
Category:dropped
Size (bytes):322260
Entropy (8bit):4.000299760592446
Encrypted:false
SSDEEP:6144:dztCFLNyoAHq5Rv2SCtUTnRe4N2+A/3oKBL37GZbTSB+pMZIrh:HMLgvKz9CtgRemO3oUHi3SBSMZIl
MD5:CC90D669144261B198DEAD45AA266572
SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
Malicious:false
Reputation:high, very likely benign file
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:ASCII text, with no line terminators
Category:modified
Size (bytes):10
Entropy (8bit):2.9219280948873623
Encrypted:false
SSDEEP:3:LBdjkcn:tdjV
MD5:A947FB70AC9DC17D0EB01674D2369F39
SHA1:C8998B76EEF1B0B44015298F42973AB363CB1DD7
SHA-256:2EB65F49BBE041F2DCD38A12D512F89E9D07BC2021470DA40D836B779B5231D0
SHA-512:78AD9391F7801336F7B201D5A850DD556A41B80F260276D565BDBA8DA17B9E065B2D24C552B76B6681CAC4C52A8C51820D831F2029D18B0444F5AA32DF234E1B
Malicious:false
Reputation:low
Preview:1724875909
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):176365
Entropy (8bit):5.287460774438251
Encrypted:false
SSDEEP:1536:Ui2XfRAqcbH41gwEiLe7HW8bM/o/NMYcAZl1p5ihs7EXXmEAD2Odad:x4e7HW8bM/o/wXDku
MD5:BDF3F7962B8ED7E74C8F3F8114659919
SHA1:021F47D8C69F989708D2D122C053B257D10CBC99
SHA-256:FF87851F733966B045A9F18C5E95ED5C53B0DF0BB36A0C1BA7E18C56E683368C
SHA-512:25480C3CEA805B647E6A3B1C33846654A39C01ABAB009E7C8DD52A2BF84E9397E5390C374B0B6DB83F953C65AF561290012B3F79BABA82F1DEC741806325D14C
Malicious:false
Reputation:low
Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-08-28T20:11:44">.. Build: 16.0.18014.40125-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:SQLite 3.x database, last written using SQLite version 3034001, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
Category:dropped
Size (bytes):4096
Entropy (8bit):0.09304735440217722
Encrypted:false
SSDEEP:3:lSWFN3l/klslpEl9Xll:l9F8E+9
MD5:D0DE7DB24F7B0C0FE636B34E253F1562
SHA1:6EF2957FDEDDC3EB84974F136C22E39553287B80
SHA-256:B6DC74E4A39FFA38ED8C93D58AADEB7E7A0674DAC1152AF413E9DA7313ADE6ED
SHA-512:42D00510CD9771CE63D44991EA10C10C8FBCF69DF08819D60B7F8E7B0F9B1D385AE26912C847A024D1D127EC098904784147218869AE8D2050BCE9B306DB2DDE
Malicious:false
Reputation:moderate, very likely benign file
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:SQLite Rollback Journal
Category:dropped
Size (bytes):4616
Entropy (8bit):0.1384465837476566
Encrypted:false
SSDEEP:3:7FEG2l+Gt/FllkpMRgSWbNFl/sl+ltlslN04l9XllG2:7+/lVg9bNFlEs1E39O2
MD5:94B7B2CA7E6ECEF8DCA4D808C9BCD296
SHA1:421B7E1CBCCA6EB543B8970BA2325D6C15E2CC1E
SHA-256:5B3AFE2FEC751DC3A6928AE3B4F6F0B77072D875DA38EF8B60EEE7C5261E6B69
SHA-512:F6F81EB03F75A2BF5DC12FB4BFAEB8A891C07D70CF48AA2C49AE800B71C51DBA950A044E41809D8E18AE8649C8D1224B0D5E9C45736FBD803DB284F618E2BFB1
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.0445382698033491
Encrypted:false
SSDEEP:6:G4l2Pi8XRPrl2Pi8XRPWL9XXPH4l942U:l2Pi8XRPx2Pi8XRPW5A0
MD5:CB4D0007ECB5BCEB27B4F27255448D4C
SHA1:3B4C346E516239C6CB37E36E85D1928463D166BA
SHA-256:E01665BBB9336F6E27045B855637218D60CE76ADA1CDD76023C3DF75CFE12169
SHA-512:61CDCD8B8DA7F8557B72A8CB851960DAB4777DB0F35365DED22ADF14022F7641D6AFFB5C25081975BFF5E3DE91151BB227B8CACA4788FF8E3A40E28B318BCC70
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:SQLite Write-Ahead Log, version 3007000
Category:dropped
Size (bytes):45352
Entropy (8bit):0.3952971390494237
Encrypted:false
SSDEEP:24:Kz2yQ2lQMIzRDoYvqill7DBtDi4kZERDNyxqt8VtbDBtDi4kZERDg:WQoQjPvqill7DYM0xO8VFDYM0
MD5:98F3730EACA5D69BBC6DDE7E7F15F623
SHA1:253F46F8214180C5E70E4C8836BED3D4611EDC05
SHA-256:30CACBDE38DB31949FF7B31EF497A8476C561414AF32DA57586A4D2D514A50C2
SHA-512:9372A52D9E72C28175882A9472884DA4029C5FA7340AD23839CF3D993C79FCBC6006C1636FCE7C8175F71CAF6ED20DC92E6BE23CFE152FEF866CB796FD4423A0
Malicious:false
Reputation:low
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):52640
Entropy (8bit):3.8508468426330467
Encrypted:false
SSDEEP:768:cCtUGB4ybi96CBEYfurms+gqPdIoIZxuSswOcMWhsGZ:cebi96i5fuqs+gqSoIZxuvwOcrhsG
MD5:378ED4F23BE6B1BC95A36BFC439F3CC3
SHA1:480007A6D833F04527C93C13A0A7355E3DB51EB3
SHA-256:36AF53536F84F42FF2EE48B85FFAF32A1AC4E177AF7AAD50ED8064C7908F106F
SHA-512:3B1813F530DF5CA65A65A586DF8CFB8C056AE17054CAACDFADD696956C2A2CA06850055096283934E4ABA99416BE3CC5D6F4A2740F1FD6BFB660C7886A780A25
Malicious:false
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):1024
Entropy (8bit):0.03351732319703582
Encrypted:false
SSDEEP:3:ol3lG:40
MD5:830FBF83999E052538EAF156AB6ECB17
SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
Malicious:false
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):3584
Entropy (8bit):2.82249127258548
Encrypted:false
SSDEEP:24:nqYIkvRmEv4MJo2vzIva+x2fwAHWymWgjI5a+dKanfK3a+0Q:lDI3ymW1VKF
MD5:1A100D1FDDF39D00734BC034EF015E3C
SHA1:B2369A2CC1BA2BB776B683A4441F6E37AB2F7271
SHA-256:D36D41D5B7150EFC5672924856D72CFA98C0B8B8CCD9517FCA73DC24D13A3484
SHA-512:B58CEB1A48F6E6D968242378D3D6C6B24E0599F975D074BCD56F88D62841B6CA32FAC142E37ABFC35333D73829C37CF1E76E9C8E9496C660F5A5F56164D54715
Malicious:false
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):1024
Entropy (8bit):0.03351732319703582
Encrypted:false
SSDEEP:3:ol3lG:40
MD5:830FBF83999E052538EAF156AB6ECB17
SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
Malicious:false
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:ASCII text, with very long lines (28740), with CRLF line terminators
Category:dropped
Size (bytes):20971520
Entropy (8bit):0.17675237892263668
Encrypted:false
SSDEEP:1536:6GhBJ7+49CTcF5DPHOgjpgGBaHqh4v6cUjkHbx/OBXVB3ccky6kBj:/77Qc5DGW450
MD5:1EC9F48F51CAFECB483557D2DB33E913
SHA1:211035D52A1C65B755915B9BF9D506C3A3B2C61A
SHA-256:C58A9DCED8231400576466F2063DF08FB07A70C88890EBD45EDDDB5F5D4AAC92
SHA-512:A4C5F8A8FC9E967C1AD05CFA7C6C723D8D37FF990227295F798C085E52B88BFA06148390B89394F898D12A8406E17775AB620509FEDC12F71FE286655D5F9067
Malicious:false
Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..08/28/2024 20:11:41.492.OUTLOOK (0x1D64).0x1D68.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":21,"Time":"2024-08-28T20:11:41.492Z","Contract":"Office.System.Activity","Activity.CV":"IyzhLfDYskSoDUTMWZrC4A.4.9","Activity.Duration":14,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...08/28/2024 20:11:41.696.OUTLOOK (0x1D64).0x1D68.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":23,"Time":"2024-08-28T20:11:41.696Z","Contract":"Office.System.Activity","Activity.CV":"IyzhLfDYskSoDUTMWZrC4A.4.10","Activity.Duration":143243,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajor
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):20971520
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3::
MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
Malicious:false
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):110592
Entropy (8bit):4.505711388871651
Encrypted:false
SSDEEP:768:mAZTWMhXjCtSfRzyysN466tnu113dN9RXQkhDa+/yWHX12RWwWcWoWDirKXSYASE:I7466tnu113dN9RXQk0+/3HXErYSj
MD5:32220CDB9C56C74D8D9A5B0A966B3DC9
SHA1:CDFC1366D7AF80247A41EE19E39EA6B37013D5BF
SHA-256:99E3CB4C19769F1C0FB6B385E6899D51909BE7B6957C935995A27A97200ADD8E
SHA-512:841B41143253F8F61AEA6FADDA4C8604BA4F9D7FA4A770ABC3F831C0A3AE4D99D98EB2A550CED379946D80CAD939063D60A80503DDD216DC3E86CEEC19EE88A4
Malicious:false
Preview:............................................................................b...h...d.....~....................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1............................................................A.j..............~............v.2._.O.U.T.L.O.O.K.:.1.d.6.4.:.5.1.3.5.0.8.2.7.8.0.a.d.4.a.a.c.b.f.c.d.c.7.9.8.c.0.7.c.5.8.c.f...C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.0.8.2.8.T.1.6.1.1.4.0.0.4.1.4.-.7.5.2.4...e.t.l.............P.P.h...d.....~....................................................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:GIF image data, version 89a, 15 x 15
Category:dropped
Size (bytes):663
Entropy (8bit):5.949125862393289
Encrypted:false
SSDEEP:12:PlrojAxh4bxdtT/CS3wkxWHMGBJg8E8gKVYQezuYEecp:trPsTTaWKbBCgVqSF
MD5:ED3C1C40B68BA4F40DB15529D5443DEC
SHA1:831AF99BB64A04617E0A42EA898756F9E0E0BCCA
SHA-256:039FE79B74E6D3D561E32D4AF570E6CA70DB6BB3718395BE2BF278B9E601279A
SHA-512:C7B765B9AFBB9810B6674DBC5C5064ED96A2682E78D5DFFAB384D81EDBC77D01E0004F230D4207F2B7D89CEE9008D79D5FBADC5CB486DA4BC43293B7AA878041
Malicious:false
Preview:GIF89a....w..!..MSOFFICE9.0.....sRGB......!..MSOFFICE9.0.....msOPMSOFFICE9.0Dn&P3.!..MSOFFICE9.0.....cmPPJCmp0712.........!.......,....................'..;..b...RQ.xx..................,+................................yy..;..b.........................qp.bb..........uv.ZZ.LL.......xw.jj.NN.A@....zz.mm.^_.........yw........yx.xw.RR.,*.++............................................................................................................................................................................................................8....>.......................4567...=..../0123.....<9:.()*+,-.B.@...."#$%&'....... !............C.?....A;<...HT(..;
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):198
Entropy (8bit):5.143647168324183
Encrypted:false
SSDEEP:3:++b3ad6cy2OTLKXqMG5GRMA9Iruy5RMGMdu0AKB1cEx/Ac3TH0rcFKcUuchg/v:+Q3ad9OHKXq4RMAZgRscK/PA8HTmgn
MD5:DB1DBD197CD8425C76F4C70EB227AAB6
SHA1:8C83CBBAA279F6B62048FB718F7E972B8C2312EA
SHA-256:3790360FDD9525BCB032DCB72D9A5DF21F7D5BFEBF5773198F8CF98C05CAAD43
SHA-512:43A81F54E6B82CCD9A3344AABB4061E234C2954A2E19260A3CD6AA56EB980559D7F6A990756FD8EA9D266A9E23A1954C5A36ECA5208B52321FE2B5922A8F8686
Malicious:false
Preview:Final-recipient: RFC822; chris.scales@sdbmail.com..Disposition: automatic-action/MDN-sent-automatically; deleted..X-MSExch-Correlation-Key: neT04d9lYES966QALDXETQ==..X-Display-Name: Chris Scales....
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):30
Entropy (8bit):1.2389205950315936
Encrypted:false
SSDEEP:3:Ysrt:Y
MD5:064004806BEE817C58AC9FF54F32F319
SHA1:8334B7178B4F85B46398E8B8F27B86C72C74B626
SHA-256:5ABCFF8E3F452E5D8DF6DAC30F9643D80CF964F187605BA12387606EA86F3A3E
SHA-512:A5A5D737104D0F342298D403A1CBCF61868383340CBB0ADE9F2A3E2E70AB5383869AE23E4B315345FA6EE614DC566C3F2CC53772A64F0F995147AC84ED4F0A37
Malicious:false
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:Composite Document File V2 Document, Cannot read section info
Category:dropped
Size (bytes):16384
Entropy (8bit):0.6704414737159474
Encrypted:false
SSDEEP:12:rl3baFwsqLKeTy2MyheC8T23BMyhe+S7wzQP9zNMyhe+S7xMyheCYOp:rTmnq1Py961Yq
MD5:BACAF959907549458A81C10DB9CBBA49
SHA1:EDA781AC6F2FD9686A1116F0494186984ED55675
SHA-256:11E330C47995969BA9AB9941B6B45EA98FB1F55C601C357756DECBCF4CF216E1
SHA-512:436A178B9B74259AC0C328B99C181FB9529A90F24196B1D27F71B197B87395817FBEC06351D9AB22F8C4FAB4356985E5212ADCD7781B56ABEE679A8564CAE143
Malicious:false
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:Microsoft Outlook email folder (>=2003)
Category:dropped
Size (bytes):271360
Entropy (8bit):4.491839671617843
Encrypted:false
SSDEEP:1536:PITtxf5h+l5Jj10GLCWaVL0c1+zYe1cVWASiM0Mo/UTpzbjzCee+zc1JnEe1ePWO:P0r+lpa1V8TlbjzCeg17p92VAp9
MD5:0AD9AE323B2B115B2030082CCA3DB5F8
SHA1:4616DDC15830227296374539AD2648CB0DB21DC9
SHA-256:0576F10CB5A634CE0E9829B0D40DFFC37BB74D56AB2E75E265E252319ECC3179
SHA-512:539F4297079079ACC562A22D6DC44007F9D973D9C630E42DF23E20096A3FA9DD0E333DFEB1A7A0A13A5E37C3D26294D797633343F185A22B7B827CCE75F83A74
Malicious:false
Preview:!BDN...SM......\...............E.......j................@...........@...@...................................@...........................................................................$.......D......................?...............D.....................................................................................................................................................................................................................................................................................................E.5.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:data
Category:dropped
Size (bytes):262144
Entropy (8bit):3.9629422046105884
Encrypted:false
SSDEEP:1536:8P4qQ10PAwr1YDOYkK+8oMAMo/J6L0c1+zYe1cTWAWfRggcTjzbjzCeeWzc1JnEV:ZaEQo1pTfbjzCeU1zp9q
MD5:046B5E4DEFE2735AD932A167E9A4D2E4
SHA1:FC51F79515147EE223239B9F9719F28317C70230
SHA-256:4E4069D98743E278B1E71C644C7CD3B91350376C6116A1985BFFCDE752BD59F0
SHA-512:E5596ECF68094A89CBB15695B4FE7902BC11FE79387419FC2B567D7F863D08FD9A275331E3C9FAACDA6303EA40E21CC7C4606F044627888B0E8F8E71B5CB0788
Malicious:false
Preview:....0...........d.../.d|.........D............#....................<....................................................................................................................................................................................................................................................................................................................................?...........................................................................................................................................................k..d.D......W1E.0...........d.../.d|.........B............#.........................................................................................................................................................................................................................................................................................................................................................................................................
File type:RFC 822 mail, ASCII text, with very long lines (833), with CRLF line terminators
Entropy (8bit):5.715788729574228
TrID:
  • E-Mail message (Var. 5) (54515/1) 100.00%
File name:Undeliverable_ Not read_ Who is the best point of contact_.eml
File size:99'324 bytes
MD5:9eee92551fbaf5e34fee9c860d2c549e
SHA1:71db28abbf3a12ba0c82cf5587b647f96d4c3d9a
SHA256:755d7f153efac914d7570aa77f66369c495430ff5e002971311111f8483d27d2
SHA512:60e4cb06eaf7ebee1bc2680449eff2fcd2dd1c11616637dc6a2baf1665740f65311a74924adeeb97e189969d56879534b3ec2ec8da10c0ec6dbc09a1e8a311ae
SSDEEP:1536:Js7ifSciBd2XMqzTq7dzP+dzlQQ11FvI6:yCSc0EJ3wqhf
TLSH:57A33C63DA471D21BEE055FDF3C3B89DE399064A1257E0E039DEA247AB801E547827CE
File Content Preview:Received: from PH8PR04MB8734.namprd04.prod.outlook.com (2603:10b6:510:255::14).. by BN7PR04MB3907.namprd04.prod.outlook.com with HTTPS; Sat, 16 Mar 2024.. 05:34:30 +0000..Received: from SJ0PR05CA0030.namprd05.prod.outlook.com (2603:10b6:a03:33b::35).. by
Subject:Undeliverable: Not read: Who is the best point of contact?
From:"postmaster@globalassociatesbiz.onmicrosoft.com" <postmaster@globalassociatesbiz.onmicrosoft.com>
To:Chris Scales <chris.scales@sdbmail.com>
Cc:
BCC:
Date:Sat, 16 Mar 2024 05:34:11 +0000
Communications:
  • CAUTION: The email below is from an external source. Please exercise caution before opening attachments, clicking links, or interacting with this message. ________________________________ [https://products.office.com/en-us/CMSImages/Office365Logo_Orange.png?version=b8d100a9-0a8b-8e6a-88e1-ef488fee0470] Your message to claire.parker@pbianalytics.in couldn't be delivered. claire.parker wasn't found at pbianalytics.in<https://url.usb.m.mimecastprotect.com/s/oRD_CwnqOgiKXLj4TqsaZf?domain=pbianalytics.in>. chris.scales Office 365 claire.parker Action Required Recipient Unknown To address How to Fix It The address may be misspelled or may not exist. Try one or more of the following: * Send the message again following these steps: In Outlook, open this non-delivery report (NDR) and choose Send Again from the Report ribbon. In Outlook on the web, select this NDR, then select the link "To send this message again, click here." Then delete and retype the entire recipient address. If prompted with an Auto-Complete List suggestion don't select it. After typing the complete address, click Send. * Contact the recipient (by phone, for example) to check that the address exists and is correct. * The recipient may have set up email forwarding to an incorrect address. Ask them to check that any forwarding they've set up is working correctly. * Clear the recipient Auto-Complete List in Outlook or Outlook on the web by following the steps in this article: Fix email delivery issues for error code 5.1.10 in Office 365<https://url.usb.m.mimecastprotect.com/s/5-exCxorPjCkKJlgcY4-9A?domain=go.microsoft.com>, and then send the message again. Retype the entire recipient address before selecting Send. If the problem continues, forward this message to your email admin. If you're an email admin, refer to the More Info for Email Admins section below. Was this helpful? Send feedback to Microsoft<https://url.usb.m.mimecastprotect.com/s/lV-8Cypv0ktZEN1QiR3l4s?domain=go.microsoft.com>. 
________________________________ More Info for Email Admins Status code: 550 5.1.10 This error occurs because the sender sent a message to an email address hosted by Office 365 but the address is incorrect or doesn't exist at the destination domain. The error is reported by the recipient domain's email server, but most often it must be fixed by the person who sent the message. If the steps in the How to Fix It section above don't fix the problem, and you're the email admin for the recipient, try one or more of the following: The email address exists and is correct - Confirm that the recipient address exists, is correct, and is accepting messages. Synchronize your directories - If you have a hybrid environment and are using directory synchronization make sure the recipient's email address is synced correctly in both Office 365 and in your on-premises directory. Errant forwarding rule - Check for forwarding rules that aren't behaving as expected. Forwarding can be set up by an admin via mail flow rules or mailbox forwarding address settings, or by the recipient via the Inbox Rules feature. Recipient has a valid license - Make sure the recipient has an Office 365 license assigned to them. The recipient's email admin can use the Office 365 admin center to assign a license (Users > Active Users > select the recipient > Assigned License > Edit). Mail flow settings and MX records are not correct - Misconfigured mail flow or MX record settings can cause this error. Check your Office 365 mail flow settings to make sure your domain and any mail flow connectors are set up correctly. Also, work with your domain registrar to make sure the MX records for your domain are configured correctly. For more information and additional tips to fix this issue, see Fix email delivery issues for error code 5.1.10 in Office 365<https://url.usb.m.mimecastprotect.com/s/5-exCxorPjCkKJlgcY4-9A?domain=go.microsoft.com>. 
Original Message Details Created Date: 3/16/2024 5:32:36 AM Sender Address: chris.scales@sdbmail.com Recipient Address: claire.parker@pbianalytics.in Subject: Not read: Who is the best point of contact? Error Details Error: 550 5.1.10 RESOLVER.ADR.RecipientNotFound; Recipient claire.parker@pbianalytics.in not found by SMTP address lookup Message rejected by: SEZPR02MB6745.apcprd02.prod.outlook.com<https://url.usb.m.mimecastprotect.com/s/V5dPCzqwRlu6vR1yfoNpM0?domain=sezpr02mb6745.apcprd02.prod.outlook.com> Notification Details Sent by: SEZPR02MB6745.apcprd02.prod.outlook.com<https://url.usb.m.mimecastprotect.com/s/V5dPCzqwRlu6vR1yfoNpM0?domain=sezpr02mb6745.apcprd02.prod.outlook.com> Message Hops HOP TIME (UTC) FROM TO WITH RELAY TIME 1 3/16/2024 5:33:37 AM BN7PR04MB3907.namprd04.prod.outlook.com<https://url.usb.m.mimecastprotect.com/s/uaciCA8YwOt4M9QPTMSaMo?domain=bn7pr04mb3907.namprd04.prod.outlook.com> BN7PR04MB3907.namprd04.prod.outlook.com<https://url.usb.m.mimecastprotect.com/s/uaciCA8YwOt4M9QPTMSaMo?domain=bn7pr04mb3907.namprd04.prod.outlook.com> mapi 1 min, 1 sec 2 3/16/2024 5:33:37 AM BN7PR04MB3907.namprd04.prod.outlook.com<https://url.usb.m.mimecastprotect.com/s/uaciCA8YwOt4M9QPTMSaMo?domain=bn7pr04mb3907.namprd04.prod.outlook.com> DM6PR04MB6425.namprd04.prod.outlook.com<https://url.usb.m.mimecastprotect.com/s/L5UZCB1YxEtj3VGkHvEh-M?domain=dm6pr04mb6425.namprd04.prod.outlook.com> Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) * 3 3/16/2024 5:34:02 AM NAM11-DM6-obe.outbound.protection.outlook.com<https://url.usb.m.mimecastprotect.com/s/SwoBCDwVzETqQB9WhB_Zq8?domain=nam11-dm6-obe.outbound.protection.outlook.com> relay.mimecast.com<https://url.usb.m.mimecastprotect.com/s/FCuZCEKVAQsLKW7ziyQrAx?domain=relay.mimecast.com> STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) 25 sec 4 3/16/2024 5:34:07 AM 
usb-smtp-delivery-101.mimecast.com<https://url.usb.m.mimecastprotect.com/s/iLmYCGwVDKTkoJ7PcWUj7D?domain=usb-smtp-delivery-101.mimecast.com> MA1PEPF00007264.mail.protection.outlook.com<https://url.usb.m.mimecastprotect.com/s/ukhZCJE9JXfZP8J2in4geH?domain=ma1pepf00007264.mail.protection.outlook.com> Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) 5 sec 5 3/16/2024 5:34:08 AM MA1PEPF00007264.INDPRD01.PROD.OUTLOOK.COM<https://url.usb.m.mimecastprotect.com/s/y-NCCKAV0EIO0qoYIr4s9b?domain=ma1pepf00007264.indprd01.prod.outlook.com> MAXPR01CA0102.outlook.office365.com<https://url.usb.m.mimecastprotect.com/s/ZV4QCLAVLBIK5PWgTkuKer?domain=maxpr01ca0102.outlook.office365.com> Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) 1 sec 6 3/16/2024 5:34:09 AM MAXPR01CA0102.INDPRD01.PROD.OUTLOOK.COM<https://url.usb.m.mimecastprotect.com/s/DH2dCM7VMBsXG5rLc3boVo?domain=maxpr01ca0102.indprd01.prod.outlook.com> SEZPR02MB6745.apcprd02.prod.outlook.com<https://url.usb.m.mimecastprotect.com/s/V5dPCzqwRlu6vR1yfoNpM0?domain=sezpr02mb6745.apcprd02.prod.outlook.com> Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) 1 sec Original Message Headers Received: from MAXPR01CA0102.INDPRD01.PROD.OUTLOOK.COM<https://url.usb.m.mimecastprotect.com/s/DH2dCM7VMBsXG5rLc3boVo?domain=maxpr01ca0102.indprd01.prod.outlook.com> (2603:1096:a00:5d::20) by SEZPR02MB6745.apcprd02.prod.outlook.com<https://url.usb.m.mimecastprotect.com/s/V5dPCzqwRlu6vR1yfoNpM0?domain=sezpr02mb6745.apcprd02.prod.outlook.com> (2603:1096:101:199::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7386.23; Sat, 16 Mar 2024 05:34:09 +0000 Received: from MA1PEPF00007264.INDPRD01.PROD.OUTLOOK.COM<https://url.usb.m.mimecastprotect.com/s/y-NCCKAV0EIO0qoYIr4s9b?domain=ma1pepf00007264.indprd01.prod.outlook.com> (2603:1096:a00:5d:cafe::6e) by 
MAXPR01CA0102.outlook.office365.com<https://url.usb.m.mimecastprotect.com/s/ZV4QCLAVLBIK5PWgTkuKer?domain=maxpr01ca0102.outlook.office365.com> (2603:1096:a00:5d::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7386.23 via Frontend Transport; Sat, 16 Mar 2024 05:34:08 +0000 Authentication-Results: spf=pass (sender IP is 170.10.153.101<https://url.usb.m.mimecastprotect.com/s/DhdsCN76N1s71NWQIpeCrZ?domain=170.10.153.101>) smtp.mailfrom=sdbmail.com; dkim=pass (signature was verified) header.d=sdbmail.com;dmarc=pass action=none header.from=sdbmail.com; Received-SPF: Pass (protection.outlook.com<https://url.usb.m.mimecastprotect.com/s/EeEwCOJ0O9inoA8gcNcC7g?domain=protection.outlook.com> domain of sdbmail.com<https://url.usb.m.mimecastprotect.com/s/X-hXCP6VPJCWq4w2u8oq9h?domain=sdbmail.com> designates 170.10.153.101<https://url.usb.m.mimecastprotect.com/s/DhdsCN76N1s71NWQIpeCrZ?domain=170.10.153.101> as permitted sender) receiver=protection.outlook.com; client-ip=170.10.153.101; helo=usb-smtp-delivery-101.mimecast.com; pr=C Received: from usb-smtp-delivery-101.mimecast.com<https://url.usb.m.mimecastprotect.com/s/iLmYCGwVDKTkoJ7PcWUj7D?domain=usb-smtp-delivery-101.mimecast.com> (170.10.153.101<https://url.usb.m.mimecastprotect.com/s/DhdsCN76N1s71NWQIpeCrZ?domain=170.10.153.101>) by MA1PEPF00007264.mail.protection.outlook.com<https://url.usb.m.mimecastprotect.com/s/ukhZCJE9JXfZP8J2in4geH?domain=ma1pepf00007264.mail.protection.outlook.com> (10.167.242.6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7386.12 via Frontend Transport; Sat, 16 Mar 2024 05:34:07 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sdbmail.com; s=mimecast20231211; t=1710567246; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to; bh=ABuA7CUFlRJbTmRV0EqSBeNWwRaKnrdS6VRjXbZFL7g=; 
b=XXpBGKDEzbukBE5FqkjfRZs3nOuLfAmZjzAMVEX5HggO+J+SDZ01w3HaR7/25wOgcu9it0 WYBa3zq/1XNZqm6CMXfEr3X5TaLaHfT12IUbg0gFYdYqSzPvF4I3ZJPn/tuCkylE12myXT MSsB5yXcoN3gx1sB/vFfNDQIJL6/tc35cGDsXL0C7AvbgN2YZUPh3S4zBM45pq1nsjMGMH smqvJjn+1xH+GYvK1odYXtqFyTdoOdwe107Cw69myc1jt0967suoq7ecSE32ATMuhfRCYp pGLc5h8Nxe27hB/zsWXriCdxj+lQTBMf6oLaZSpC0zjVjriMGD6bYF8m9JnVMw== Received: from NAM11-DM6-obe.outbound.protection.outlook.com<https://url.usb.m.mimecastprotect.com/s/SwoBCDwVzETqQB9WhB_Zq8?domain=nam11-dm6-obe.outbound.protection.outlook.com> (mail-dm6nam11lp2169.outbound.protection.outlook.com<https://url.usb.m.mimecastprotect.com/s/psMlCQA8QLIOm6QKIwC15P?domain=mail-dm6nam11lp2169.outbound.protection.outlook.com> [104.47.57.169<https://url.usb.m.mimecastprotect.com/s/Q81mCR8VRBtE8r6pIjWX5d?domain=104.47.57.169>]) by relay.mimecast.com<https://url.usb.m.mimecastprotect.com/s/FCuZCEKVAQsLKW7ziyQrAx?domain=relay.mimecast.com> with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id usb-mta-8-iUZQE7vtPVGhYztL2wa5Uw-5; Fri, 15 Mar 2024 22:34:02 -0700 X-MC-Unique: iUZQE7vtPVGhYztL2wa5Uw-5 Received: from BN7PR04MB3907.namprd04.prod.outlook.com<https://url.usb.m.mimecastprotect.com/s/uaciCA8YwOt4M9QPTMSaMo?domain=bn7pr04mb3907.namprd04.prod.outlook.com> (2603:10b6:406:c2::11) by DM6PR04MB6425.namprd04.prod.outlook.com<https://url.usb.m.mimecastprotect.com/s/L5UZCB1YxEtj3VGkHvEh-M?domain=dm6pr04mb6425.namprd04.prod.outlook.com> (2603:10b6:5:1ec::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7386.23; Sat, 16 Mar 2024 05:33:37 +0000 Received: from BN7PR04MB3907.namprd04.prod.outlook.com<https://url.usb.m.mimecastprotect.com/s/uaciCA8YwOt4M9QPTMSaMo?domain=bn7pr04mb3907.namprd04.prod.outlook.com> ([fe80::fcad:ead3:59d5:7ab1]) by BN7PR04MB3907.namprd04.prod.outlook.com<https://url.usb.m.mimecastprotect.com/s/uaciCA8YwOt4M9QPTMSaMo?domain=bn7pr04mb3907.namprd04.prod.outlook.com> 
([fe80::fcad:ead3:59d5:7ab1%4]) with mapi id 15.20.7386.022; Sat, 16 Mar 2024 05:33:37 +0000 From: Chris Scales <chris.scales@sdbmail.com> To: Claire Parker <Claire.Parker@pbianalytics.in> Subject: Not read: Who is the best point of contact? Thread-Topic: Who is the best point of contact? Thread-Index: AdmOPcVmJJi8C+atRASMRGLdtclHtDpJKpNj Date: Sat, 16 Mar 2024 05:32:36 +0000 Message-ID: <BN7PR04MB39076A6D24F86CAED19C74248F2F2@BN7PR04MB3907.namprd04.prod.outlook.com> In-Reply-To: <PS2PR02MB32218A4573499094756D4426FF419@PS2PR02MB3221.apcprd02.prod.outlook.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: <BN7PR04MB39076A6D24F86CAED19C74248F2F2@BN7PR04MB3907.namprd04.prod.outlook.com> X-MS-TrafficTypeDiagnostic: BN7PR04MB3907:EE_|DM6PR04MB6425:EE_|MA1PEPF00007264:EE_|SEZPR02MB6745:EE_ Return-Path: chris.scales@sdbmail.com X-MS-Office365-Filtering-Correlation-Id: 8bed4516-92ea-4954-16ec-08dc457ab3fa X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Untrusted: BCL:0 X-Microsoft-Antispam-Message-Info-Original: +TFSbos1fbdUqU4+A1/CKZVYbqjXzAOiwid4Jvil/ohy2KBomq4j1g8CTr7AVlV5JkggBAenmEsfsJG7SXBLBoN3TLfl2DS1A9jQbo2o0V0yTxYOqe8+UuKD5IyiNtTNu6HKREoIycOcmhOhyfeSUmF0X8Qyo7ZQbEckB/1glD+Nk3g6lcILvWbmI+oxLaUIClP2QCe5rmyVythxw/dU9B5r9/LBVCtrPWORC4FxSvdFzZu4Wian+2eComJEpTWJUO/CPopx7hbqgo6/1Rs9pp98+2opK7DZcWdfVEPwHbD0RDvAdwQXS3CF47TxBbfO1SN9/ssy53YXSB8StUpdaTVcz/EXJbUixUQcONPjLrSBO0K4rKgDKNqoo71Ek37KIHuOznxxeIF3VYyO91WcCrxjgRm1fi+jLFb61Ed/EpRjaC4Q3650WytkwF3Q6k5dmUhoYbw/1HShZ/tWlww7sg== X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BN7PR04MB3907.namprd04.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(376005)(1800799015)(366007)(38070700009);DIR:OUT;SFP:1102 X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?JXCLLewwijT4k8yFrbSmx+1a7W1A0/iaVmrctx0GZecqKyC3GFDOVP8djCx/?= 
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR04MB6425 MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: sdbmail.com<https://url.usb.m.mimecastprotect.com/s/X-hXCP6VPJCWq4w2u8oq9h?domain=sdbmail.com> Content-Language: en-US Content-Type: multipart/mixed; boundary="_0ebe0010-419b-46f9-8a3f-0c2bf20d1d5c_" X-EOPAttributedMessage: 0 X-EOPTenantAttributedMessage: 0672dc71-7a9f-41b1-bd93-b6c103e0b789:0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: MA1PEPF00007264.INDPRD01.PROD.OUTLOOK.COM<https://url.usb.m.mimecastprotect.com/s/y-NCCKAV0EIO0qoYIr4s9b?domain=ma1pepf00007264.indprd01.prod.outlook.com> X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id-Prvs: cc0a5975-af4a-43fb-8bdb-08dc457aa11d
Attachments:
Key Value
Received: from APC01-SG2-obe.outbound.protection.outlook.com (mail-sgaapc01hn2238.outbound.protection.outlook.com [52.100.164.238]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id usb-mta-41-9PkraHyMPNGVOSu0s7vgmQ-1; Fri, 15 Mar 2024 22:34:17 -0700
From: "postmaster@globalassociatesbiz.onmicrosoft.com" <postmaster@globalassociatesbiz.onmicrosoft.com>
To: Chris Scales <chris.scales@sdbmail.com>
Subject: Undeliverable: Not read: Who is the best point of contact?
Thread-Topic: Not read: Who is the best point of contact?
Thread-Index: AdmOPcVmJJi8C+atRASMRGLdtclHtDpJKpNjAABI4xg=
Date: Sat, 16 Mar 2024 05:34:11 +0000
Message-ID: <0b8ae223-bc94-4fd5-916c-e9fafa1bb9e4@SEZPR02MB6745.apcprd02.prod.outlook.com>
References: <PS2PR02MB32218A4573499094756D4426FF419@PS2PR02MB3221.apcprd02.prod.outlook.com> <BN7PR04MB39076A6D24F86CAED19C74248F2F2@BN7PR04MB3907.namprd04.prod.outlook.com>
In-Reply-To: <BN7PR04MB39076A6D24F86CAED19C74248F2F2@BN7PR04MB3907.namprd04.prod.outlook.com>
Content-Language: en-US
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-AuthSource: SJ1PEPF00001CEA.namprd03.prod.outlook.com
X-MS-Exchange-Organization-ComplianceLabelId: afafed80-0580-4046-b15a-a9e42fde13eb
X-MS-Has-Attach: yes
X-Auto-Response-Suppress: All
X-MS-Exchange-Organization-Network-Message-Id: 30409474-67e6-4d1f-ea2f-08dc457abd86
X-MS-Exchange-Organization-SCL: -1
X-MS-TNEF-Correlator:
X-MS-Exchange-Organization-RecordReviewCfmType: 0
x-ms-publictraffictype: Email
received-spf: None (protection.outlook.com: usb-smtp-inbound-delivery-1.mimecast.com does not designate permitted sender hosts)
authentication-results: spf=none (sender IP is 170.10.150.241) smtp.helo=usb-smtp-inbound-delivery-1.mimecast.com; dkim=fail (body hash did not verify) header.d=globalassociatesbiz.onmicrosoft.com;dmarc=none action=none header.from=globalassociatesbiz.onmicrosoft.com;compauth=other reason=502
x-mc-unique: 9PkraHyMPNGVOSu0s7vgmQ-1
dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=globalassociatesbiz.onmicrosoft.com; s=selector1-globalassociatesbiz-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KI0OxUY3/mAf4H13aMUKEkcYqL4BHjCyNIFNYaduhkc=; b=fXHjYQLY9kNXEs/jMJ3C0w/anbrIN8zO5ociJOWwptFIrtDR/54hNBWT6oYol0McmKZEkFsS38XI/amcX09/51oBD4hKAy70mCWJzAayvHWzb/egO6ChM1xZkxJhFCwjQxBvoVWsqQUZNl+WfcKA6BoHqF/k9pr7bq2kAWBVntVpMj1UIcFqYN7bmqU5UreOYz6zrk8ShrT9it9FCdsI6NMlZYz0VeTqiszCl1q+zsThZGyXW/YjmWz7YzDDUmckJTykzcnf/WcuJfs8/mEJXL+95nJBH18wtcHmEJmm50V2lkWEhuNDkMPqdk9XTT7hZHHAn3jQyC0+MP2CeaMYTg==
x-ms-office365-filtering-correlation-id 30409474-67e6-4d1f-ea2f-08dc457abd86
x-ms-traffictypediagnostic SEZPR02MB6745:EE_|SJ1PEPF00001CEA:EE_|PH8PR04MB8734:EE_|BN7PR04MB3907:EE_
x-forefront-antispam-report CIP:170.10.150.241;CTRY:US;LANG:en;SCL:-1;SRV:;IPV:CAL;SFV:NSPM;H:usb-smtp-inbound-delivery-1.mimecast.com;PTR:usb-smtp-delivery-1.mimecast.com;CAT:NONE;SFS:;DIR:INB;
x-microsoft-antispam BCL:0;
x-ms-exchange-crosstenant-network-message-id 30409474-67e6-4d1f-ea2f-08dc457abd86
x-ms-exchange-crosstenant-originalarrivaltime 16 Mar 2024 05:34:24.7205 (UTC)
x-ms-exchange-crosstenant-fromentityheader Internet
x-ms-exchange-crosstenant-id e44873dc-54c1-425a-8c70-6bd6ee571de4
x-ms-exchange-transport-crosstenantheadersstamped PH8PR04MB8734
x-ms-exchange-transport-endtoendlatency 00:00:06.0224564
x-ms-exchange-processed-by-bccfoldering 15.20.7386.020
x-ms-exchange-senderadcheck 1
arc-seali=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=T/Y8eh8O1gEdQnyV4G44SJGoKjlYPu/aauxwaLHZyimHbL2xyopLjPM2PEn4qpvXDAxWAPJr3y/G50OfrFTrWwZHZQEDY6heBrlrOKrwyhYRX29Lt6F5xhk+chEVshPk6nuEBgoa26czAr93D9DJWrpQxCE63sTqGVqW7b6aFwRw4Ie7883lpdLms+g/amw/TBykcIm9rKZQpcWg4hvRFrom3vyJf3bxpG5go2B1yL313el3nxSVD+H3bWJDbV2RHQ97YyOyrgEWOFW0uAbvRhvYTLUmTU7h4E85Wm2fSU+Ay1pRAphR1AdIGWTICGWtpGLbVjLqLT90Xo8qkpAhDA==
arc-message-signaturei=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=KI0OxUY3/mAf4H13aMUKEkcYqL4BHjCyNIFNYaduhkc=; b=fo4kYpLDjNL0B9Q8Anv1SU+wEM/eQd52D6m44PqzfESoUSBCjMhlnxz/ydjhOny5/LsYcWgq3TebMh3pQ2NCGEBbp81Vl5IafxgNBYGhYomdlsWaGZIJS5Na+kFDNSumsbgBL16eqDvGpBmFODJAojf+Nf7W7C5jZTQQiqVOqmJ52bQqeWl2oQeIVxNQTxbzF0wxxg9MIIx3XxmoUlIpXIOFhDHQ1tavxsGjqrpoB8+QCaBdWc+ZG+gn12vaFsQI3lPxre+HKOIs4VLe4rvRpYXT/8hq6Iq+0O0y0OZM7jVeiyvdgCZItXFIE3EPPSWgoy66LUPPBFLY94ZdfEptRw==
arc-authentication-results i=1; mx.microsoft.com 1; spf=none; dmarc=pass action=none header.from=globalassociatesbiz.onmicrosoft.com; dkim=pass header.d=globalassociatesbiz.onmicrosoft.com; arc=none
x-eopattributedmessage 0
x-eoptenantattributedmessage e44873dc-54c1-425a-8c70-6bd6ee571de4:0
authentication-results-original relay.mimecast.com; dkim=pass header.d=globalassociatesbiz.onmicrosoft.com header.s=selector1-globalassociatesbiz-onmicrosoft-com header.b=fXHjYQLY; arc=pass ("microsoft.com:s=arcselector9901:i=1"); dmarc=none; spf=pass (relay.mimecast.com: domain of APC01-SG2-obe.outbound.protection.outlook.com designates 52.100.164.238 as permitted sender) smtp.helo=APC01-SG2-obe.outbound.protection.outlook.com
x-forefront-antispam-report-untrusted CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:;PTR:;CAT:NONE;SFS:(13230031)(50650200018)(376005)(366007)(1930700014)(61400799018)(32400700002);DIR:OUT;SFP:1501
x-microsoft-antispam-untrusted BCL:0
x-microsoft-antispam-message-info-original 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
x-ms-exchange-transport-crosstenantheadersstripped SJ1PEPF00001CEA.namprd03.prod.outlook.com
x-ms-exchange-atpmessageproperties SL
x-ms-exchange-crosstenant-authas Anonymous
x-ms-exchange-crosstenant-authsource SJ1PEPF00001CEA.namprd03.prod.outlook.com
x-mimecast-spam-score -2
x-ms-exchange-message-is-ndr
auto-submitted auto-replied
x-ms-exchange-antispam-relay 0
X-Microsoft-Antispam-Mailbox-Delivery ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(4710097)(4711095)(920097)(930097)(140003);
X-Microsoft-Antispam-Message-Info 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
Content-Type multipart/report; boundary="_000_0b8ae223bc944fd5916ce9fafa1bb9e4SEZPR02MB6745apcprd02pr_"; report-type="delivery-status"
MIME-Version 1.0

Icon Hash:46070c0a8e0c67d6
No network behavior found

Target ID:0
Start time:16:11:37
Start date:28/08/2024
Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Undeliverable_ Not read_ Who is the best point of contact_.eml"
Imagebase:0x400000
File size:34'446'744 bytes
MD5 hash:91A5292942864110ED734005B7E005C0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:2
Start time:16:11:44
Start date:28/08/2024
Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "6EDD125C-B569-4098-A1CB-466123FEB808" "478F60CF-2EAC-4C79-88CF-7F6F173E0024" "7524" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Imagebase:0x7ff61ce10000
File size:710'048 bytes
MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

No disassembly