Windows Analysis Report
Remmitance advice forHscni.msg

Overview

General Information

Sample name: Remmitance advice forHscni.msg
Analysis ID: 1523278
MD5: 1d0474b74e0cc30bc7065b0b453249dc
SHA1: e8493447a52572bc586bc8d7ca02c3772e57a9b1
SHA256: 1eeba68e5375e614c2afbfdeeee44a0611734489949544048095af27082724f7

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification

Classification

  • System is w10x64
  • OUTLOOK.EXE (PID: 2076 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Remmitance advice forHscni.msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 1492 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "388AA240-9E71-4F26-A0C8-634E76D54D16" "12C360AC-2DD1-4039-AA67-B4F9D5F993C9" "2076" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set
Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split)
Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 2076, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched

There are no malicious signatures.

Source: 273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: 273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drString found in binary or memory: https://webshell.suite.office.com
Source: 273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: 273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: 273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drString found in binary or memory: https://wus2.contentsync.
Source: 273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drString found in binary or memory: https://wus2.pagecontentsync.
Source: 273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: 273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drString found in binary or memory: https://www.odwebp.svc.ms
Source: 273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drString found in binary or memory: https://www.yammer.com
Source: classification engine Classification label: clean1.winMSG@3/16@0/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241001T0621020646-2076.etl
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Remmitance advice forHscni.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "388AA240-9E71-4F26-A0C8-634E76D54D16" "12C360AC-2DD1-4039-AA67-B4F9D5F993C9" "2076" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Window found: window name: SysTabControl32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Behavior graph (ID: 1523278, Sample: Remmitance advice forHscni.msg, Startdate: 01/10/2024, Architecture: WINDOWS, Score: 1): OUTLOOK.EXE started ai.exe

No Antivirus matches
No contacted domains info
    • URL Reputation: safe
    unknown
    https://officepyservice.office.net/service.functionality273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drfalse
    • URL Reputation: safe
    unknown
    https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drfalse
    • URL Reputation: safe
    • URL Reputation: safe
    unknown
    https://templatesmetadata.office.net/273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drfalse
    • URL Reputation: safe
    unknown
    https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drfalse
    • URL Reputation: safe
    unknown
    https://messaging.lifecycle.office.com/273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drfalse
    • URL Reputation: safe
    unknown
    https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drfalse
    • URL Reputation: safe
    unknown
    https://mss.office.com273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drfalse
    • URL Reputation: safe
    unknown
    https://pushchannel.1drv.ms273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drfalse
    • URL Reputation: safe
    unknown
    https://management.azure.com273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drfalse
    • URL Reputation: safe
    unknown
    https://outlook.office365.com273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drfalse
    • URL Reputation: safe
    unknown
    https://wus2.contentsync.273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drfalse
    • URL Reputation: safe
    unknown
    https://incidents.diagnostics.office.com273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drfalse
    • URL Reputation: safe
    unknown
    https://clients.config.office.net/user/v1.0/ios273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drfalse
    • URL Reputation: safe
    unknown
    https://make.powerautomate.com273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drfalse
    • URL Reputation: safe
    unknown
    https://api.addins.omex.office.net/api/addins/search273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drfalse
    • URL Reputation: safe
    unknown
    https://insertmedia.bing.office.net/odc/insertmedia273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drfalse
    • URL Reputation: safe
    unknown
    https://outlook.office365.com/api/v1.0/me/Activities273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drfalse
    • URL Reputation: safe
    unknown
    https://api.office.net273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drfalse
    • URL Reputation: safe
    unknown
    https://incidents.diagnosticssdf.office.com273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drfalse
    • URL Reputation: safe
    unknown
    https://asgsmsproxyapi.azurewebsites.net/273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drfalse
    • URL Reputation: safe
    unknown
    https://clients.config.office.net/user/v1.0/android/policies273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drfalse
    • URL Reputation: safe
    unknown
    https://entitlement.diagnostics.office.com273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drfalse
    • URL Reputation: safe
    unknown
    https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json273786A5-DFEF-4B32-A71F-853CEAD24FB4.0.drfalse
    • URL Reputation: safe
    unknown
    No contacted IP infos
    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1523278
    Start date and time:2024-10-01 12:20:01 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 4m 26s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:default.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:6
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:Remmitance advice forHscni.msg
    Detection:CLEAN
    Classification:clean1.winMSG@3/16@0/0
    EGA Information:Failed
    HCA Information:
    • Successful, ratio: 100%
    • Number of executed functions: 0
    • Number of non-executed functions: 0
    Cookbook Comments:
    • Found application associated with file extension: .msg
    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 52.109.28.46, 52.113.194.132, 52.109.76.243, 2.19.126.160, 2.19.126.151, 20.189.173.14, 20.42.65.84
    • Excluded domains from analysis (whitelisted): omex.cdn.office.net, slscr.update.microsoft.com, eur.roaming1.live.com.akadns.net, neu-azsc-000.roaming.officeapps.live.com, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, ocsp.digicert.com, login.live.com, onedscolprdeus02.eastus.cloudapp.azure.com, officeclient.microsoft.com, a1864.dscd.akamai.net, ecs.office.com, onedscolprdwus13.westus.cloudapp.azure.com, prod.configsvc1.live.com.akadns.net, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, s-0005.s-msedge.net, config.officeapps.live.com, osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com, ecs.office.trafficmanager.net, omex.cdn.office.net.akamaized.net, europe.configsvc1.live.com.akadns.net, mobile.events.data.trafficmanager.net, uks-azsc-config.officeapps.live.com
    • Report size getting too big, too many NtQueryAttributesFile calls found.
    • Report size getting too big, too many NtQueryValueKey calls found.
    No simulations
    No context
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:data
    Category:dropped
    Size (bytes):231348
    Entropy (8bit):4.392895292281259
    Encrypted:false
    SSDEEP:1536:BvYLuvgs/sprExYFCgs1sTNcAz79ysQqt2ULh0qoQvXrcm0FvKz1yzS4G6wGDT6D:CKgBSLgFmiGu2RqoQ/rt0FvBJsbLcHO
    MD5:767D0E2D94FA5AE2AF0CA192CA2C87C0
    SHA1:6123629D4120889B88DC8F3EAC91E6ADA93FBE82
    SHA-256:703CCC79462A7666A39D5B229FF8BB6D7EB7E5CDAD10F7D6F920ED4D9D8DE6DD
    SHA-512:87848DC56D4F8FD9D607B9C9EB384CC5BDF4862E757E42038FC3CF2B9E2E898CDCEB498CF92A484F642C850AFFF25DEE958C067765CD96981730EECDF5A82F2A
    Malicious:false
    Reputation:low
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:ASCII text, with very long lines (65536), with no line terminators
    Category:dropped
    Size (bytes):322260
    Entropy (8bit):4.000299760592446
    Encrypted:false
    SSDEEP:6144:dztCFLNyoAHq5Rv2SCtUTnRe4N2+A/3oKBL37GZbTSB+pMZIrh:HMLgvKz9CtgRemO3oUHi3SBSMZIl
    MD5:CC90D669144261B198DEAD45AA266572
    SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
    SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
    SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
    Malicious:false
    Reputation:high, very likely benign file
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:ASCII text, with no line terminators
    Category:modified
    Size (bytes):10
    Entropy (8bit):1.9609640474436814
    Encrypted:false
    SSDEEP:3:LC8n:t
    MD5:BD10D57D78E3ECE8C61A3E3EEE35C772
    SHA1:42B4541A8369BBD4E8AD04016E1C6A2C00178E84
    SHA-256:F7C0F8388D325A11053D9F31DE928778B6F7F4C00A41B11CCF9491857C41E295
    SHA-512:2A58AE6E17C09023310F66287C64B550D03434C04062277C393DFFB2DCD30B2FCEBFEBAA28647042F4FB48D0DE1AA9474CA6B02D460EA159BF16478D0EECA9E8
    Malicious:false
    Reputation:low
    Preview:1727778070
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):177088
    Entropy (8bit):5.286722672368333
    Encrypted:false
    SSDEEP:1536:ii2XfRAqcbH41gwEwLe7HW8bM/o/NM5cAZl1p5ihs7EXXCEAD2OdaLI:XCe7HW8bM/o/9XPkiI
    MD5:C8CC315EF322CF3A685A42B1A2ED2CAD
    SHA1:383C975D6109945B93D396CF6D1D269DEC592E70
    SHA-256:4BFD579BAC683B0BD9EB88FC844DA0CDFE3A55AD85EEDF3E727320AF902CB7A2
    SHA-512:DDD9CA154CEC3C7B50FEE88C3BD218B0F1FDA82407CC6EE2666FAD0CC61E9B8C83915CC69544727412269B7C2AE92316AE8A8F68E24E6C6A1C8D13F813A07063
    Malicious:false
    Reputation:low
    Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-10-01T10:21:07">.. Build: 16.0.18112.40129-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:SQLite 3.x database, last written using SQLite version 3034001, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
    Category:dropped
    Size (bytes):4096
    Entropy (8bit):0.09304735440217722
    Encrypted:false
    SSDEEP:3:lSWFN3l/klslpEl9Xll:l9F8E+9
    MD5:D0DE7DB24F7B0C0FE636B34E253F1562
    SHA1:6EF2957FDEDDC3EB84974F136C22E39553287B80
    SHA-256:B6DC74E4A39FFA38ED8C93D58AADEB7E7A0674DAC1152AF413E9DA7313ADE6ED
    SHA-512:42D00510CD9771CE63D44991EA10C10C8FBCF69DF08819D60B7F8E7B0F9B1D385AE26912C847A024D1D127EC098904784147218869AE8D2050BCE9B306DB2DDE
    Malicious:false
    Reputation:high, very likely benign file
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):4616
    Entropy (8bit):0.13784977103055013
    Encrypted:false
    SSDEEP:3:7FEG2l+m4/FllkpMRgSWbNFl/sl+ltlslN04l9Xll2:7+/l7gg9bNFlEs1E39+
    MD5:8714E3D14F551CD73E1349DA716A6015
    SHA1:3E5127739428EE977C0796ED5508DDF7E2131F83
    SHA-256:5EA3E94E2EE178984DDCEAF48189B09382DB97608BEDB2938C0CA7E91C9BB334
    SHA-512:1E165D08DC6A8443AB16C0816F3DC4D96D3040B060D4584C00BF46A6895D9C4B04AD47F133B0F6F952FD137A50C67DC413614CA12F0020FE3C29DD0FB647AA59
    Malicious:false
    Reputation:low
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:data
    Category:dropped
    Size (bytes):32768
    Entropy (8bit):0.04453019294463052
    Encrypted:false
    SSDEEP:3:G4l2qiOtwiCl2qiOtwX/WlL9//Xlvlll1lllwlvlllglbXdbllAlldl+l:G4l2qiQYl2qiQfL9XXPH4l942U
    MD5:2ED6AD64EB10BCFD90606BE4E3D0C255
    SHA1:0B8E8E4F5FAF5118B7FD9648DC4A7EB38AFFF81F
    SHA-256:D07952C82AA1552F805FAD27E950F9D152B9C20ED98D830CE96E653C49A62613
    SHA-512:F07E9C07E4ACA0FF32827646CFF47CD6B81BA61E5FAFD9B99D9979E3B3118146F681A27B2B0630B7B35900A73F596E8396270FE274CB9384BF1152DD82EA9AE0
    Malicious:false
    Reputation:low
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:SQLite Write-Ahead Log, version 3007000
    Category:dropped
    Size (bytes):45352
    Entropy (8bit):0.39476784240483254
    Encrypted:false
    SSDEEP:24:Kf5tYiQMIzRD78Iill7DBtDi4kZERDcSxqt8VtbDBtDi4kZERDc2c:yYiQjtill7DYMZxO8VFDYM
    MD5:C70E4B7AD00AE7CF97C53CA5DF58E63D
    SHA1:ED317649D40B6AEE0D7C562FCB72F0F5AA69F4BF
    SHA-256:9123B9250EDA2DCB6D604DFC23E299FC6E6EAAEBF5ECBE2B05F706818A756B30
    SHA-512:4C1F9CE4E7728D17E3BB39E6CE7BA218D7ECC154A73DD7F1D68DCF5402ADDA036B5518698C8B47D29B91E1EBD31EC0BB95915EEF8CC4FA3B3C6365F76BCF2471
    Malicious:false
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:ASCII text, with very long lines (28727), with CRLF line terminators
    Category:dropped
    Size (bytes):20971520
    Entropy (8bit):0.16091246416464042
    Encrypted:false
    SSDEEP:1536:vW4bhTMCNYHTfOzI0NpRZXbfkCrhuXSO+stj1Y4Pr9ixE8ErVt7Bf:p4C6HLyI0dtPaH/
    MD5:CDF04902033BF9D0F74566F0F9A3BAC4
    SHA1:990CD6C2906D532433B93A225A0CE22C2C3A7BF9
    SHA-256:84DB1737A5B60FC99F3E11FCF018DA7A7937A6EF0EA1C2E6F43961CF510E3132
    SHA-512:0E72D436FB9D832188CBF8CF17A8102F943E12E07DEDC2A9EE2079F0998169C3521E31653C716FFDFD2770F1BB7FD8D99C8FC6DEDE019682399CCC165F59E6B6
    Malicious:false
    Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/01/2024 10:21:04.865.OUTLOOK (0x81C).0xA34.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":21,"Time":"2024-10-01T10:21:04.865Z","Contract":"Office.System.Activity","Activity.CV":"CWR6U4Rcgka/annK3Irotg.4.9","Activity.Duration":13,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...10/01/2024 10:21:05.490.OUTLOOK (0x81C).0xA34.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":23,"Time":"2024-10-01T10:21:05.490Z","Contract":"Office.System.Activity","Activity.CV":"CWR6U4Rcgka/annK3Irotg.4.10","Activity.Duration":571106,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorVers
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:data
    Category:dropped
    Size (bytes):20971520
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:3::
    MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
    SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
    SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
    SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
    Malicious:false
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:data
    Category:dropped
    Size (bytes):94208
    Entropy (8bit):4.470467730682132
    Encrypted:false
    SSDEEP:768:CyLwQ+XVP66o0t4lq9uJqgXP0io1gIk0WJWSWiWE:w4lq9uJNXsm
    MD5:8BD1DDFA3ECECE6FC1E6020AB430F554
    SHA1:4B7B8F8D39EF2547708AE7FF8286D5A278B5D7C5
    SHA-256:14AD627528162CBBE989FA7F5F661DEF93DB78BEAE50416189FDAF178FC58899
    SHA-512:36785AC1DA91AA29AEA3D8EB72A1EF9BC2AB8FF192152160A257D3318E92CFC50CC12FCF31664740A21D4DFECAAB43865E481741CCE66970479060AF2AFF8622
    Malicious:false
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:data
    Category:dropped
    Size (bytes):163840
    Entropy (8bit):0.4276734964444181
    Encrypted:false
    SSDEEP:192:Hh3xesjgenMAfL0Z4GqkjAzZJc/F+Y4cvU5oitOAN/J2Ngz0XHWQJoqAbAWZNh/:vCAfICKZFt4cvUWigWJZz0XHJoqM
    MD5:6840C67CA40B904C173251BED377B607
    SHA1:4EE0C0848219CA936BCB3E07ABAEEE0C3567B85D
    SHA-256:F4109F59B2B8E483B9F92B5BE3A7D02A44B336F7F2B8F0C570D3E8CA544B895A
    SHA-512:88966FEAA71C3536DCC48846ED58C2B09B1F23A3353747A985BAE65E4E1DFAD31D8E8D4C01B987872DEE7465A7D86C136C4814B0D487BB8985645BE00B6D1E25
    Malicious:false
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:data
    Category:dropped
    Size (bytes):30
    Entropy (8bit):1.2389205950315936
    Encrypted:false
    SSDEEP:3:5Zlzlt:Zzl
    MD5:729A49B6A571F4DC6792D51EC6D871DC
    SHA1:94BF42AC746D8D31462DE8F98833A289BD8048CD
    SHA-256:0B000300E7EDF20140FDD49DC21E8AF249B3D84F3D04561B5DD3EBBF171E8B93
    SHA-512:C492BD9B317DB37A70DA2D0446512E0D00CE56C16F2EAC58850B5FDD1C96D5852DE4FAFA5FC32E46887ECD16EE54D351FB3AFE1981A15B937E3B5669083DC96E
    Malicious:false
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:Composite Document File V2 Document, Cannot read section info
    Category:dropped
    Size (bytes):16384
    Entropy (8bit):0.6704798764553939
    Encrypted:false
    SSDEEP:12:rl3baFNkqLKeTy2MyheC8T23BMyhe+S7wzQP9zNMyhe+S7xMyheCrWp:r63mnq1Py961u
    MD5:CE3237302EA1FE1D502FBE4DB37C9F79
    SHA1:E0008F538BF4422744791D0CFC93DC658A40ECAF
    SHA-256:5CD9B441B592BB590C0B9A4A060B65CCE3A2C0E29F725287BCD4B86328E6E582
    SHA-512:DA90BA66B4ADE701D20BAEDA57758456F6522625C259110770B8F431D50E47EDEABDBC6829EB4BDACFA0B35C194C25C0D2FDC97D5E4366EB56A86F6A0C3BB898
    Malicious:false
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:Microsoft Outlook email folder (>=2003)
    Category:dropped
    Size (bytes):271360
    Entropy (8bit):1.5367819912905625
    Encrypted:false
    SSDEEP:768:4QcsSzm+sviIUo+okh9CrytvFBfU1unGvjR8BUTIZt:eIi8o3GefY1jReNZt
    MD5:8B6723F3CAC9EF63FC37426ADDC7326F
    SHA1:2AD216007F54AFE2DBAE48DC3FB76C0D6DF075C3
    SHA-256:A60CA1D6E7B0818FBC8551E2165B01DD6EFFEDE4E18EA978E4D5EC5C2532AE34
    SHA-512:765DB8C6FB2F673862890B56B89564EB11E9B2B7A4D26069E87252295234CC1516F6679D7205344E73867F8F0D2DF1C759225704A61ECA4EBDB7A420FB4FDA0B
    Malicious:false
    Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
    File Type:data
    Category:dropped
    Size (bytes):131072
    Entropy (8bit):1.2778263942128656
    Encrypted:false
    SSDEEP:384:mE9G0yYjTIXJrDeqqHIeqFBlJIfPxW+ZG0yO4rHWHl7uCrp1RT:X8BUTIZrMIn7AeBfarp
    MD5:E71F38B58C1DACFDE9398B79C7BAE026
    SHA1:619B5FEF832E12598F44DDA74A24F4F45EEB917F
    SHA-256:34942A6477A6450A34CD069C386BB4A34CE7046185B204F24DC35A61036F08A7
    SHA-512:D7B709EC5D198707E7B59AD2D36C551C9B7963E52DB083FEDC169E2B27E1BC1DAC96F0A1105DD212C5E106F6EAF6AB333B43C13204379D1BFC2F60A5BD05BA01
    Malicious:false
    File type:CDFV2 Microsoft Outlook Message
    Entropy (8bit):4.244204033867956
    TrID:
    • Outlook Message (71009/1) 58.92%
    • Outlook Form Template (41509/1) 34.44%
    • Generic OLE2 / Multistream Compound File (8008/1) 6.64%
    File name:Remmitance advice forHscni.msg
    File size:472'064 bytes
    MD5:1d0474b74e0cc30bc7065b0b453249dc
    SHA1:e8493447a52572bc586bc8d7ca02c3772e57a9b1
    SHA256:1eeba68e5375e614c2afbfdeeee44a0611734489949544048095af27082724f7
    SHA512:fd6e7cdb4606e16ed5d9faa793b8e240b64fcbbc6696eb4d0a642e23110fdad31bf5b023c0522c1ecffadbc79cce1b179c94912cf6fc02ab8303627978c889e1
    SSDEEP:768:vzBQNuYCwluH+WsKxWsK6fWsKf6HpY2AN5Z1UIgo+I7DNhN/ltpzk5CWsKHZNYMd:7BQNuAW5W8WaHpY2ELUI3WbgRGM7J8i
    TLSH:C7A4A33792E8C646FA32797584DB8C820E8E5D1AADF8C13D16B5809BED3A8DCC174D71
    Subject:Remmitance advice forHscni
    From:purchase ledger <diane@kevingreenwealth.co.uk>
    To:<complaints.sppg@hscni.net>
    Cc:
    BCC:
    Date:Mon, 30 Sep 2024 17:20:07 +0200
    Communications:
      Attachments:
      • Swift_ach Complaints.sppgCQDM.html
      Key Value
      Received:from [127.0.0.1] (198.244.221.46) by
      1520:50 +0000
      by CWLP265MB6609.GBRP265.PROD.OUTLOOK.COM (260310a6:400:1dd::13) with
      2024 1520:08 +0000
      (260310a6:10:2b4::10) with Microsoft SMTP Server (version=TLS1_2,
      Transport; Mon, 30 Sep 2024 1520:08 +0000
      Authentication-Results:spf=pass (sender IP is 40.107.20.101)
      Received-SPF:Fail (protection.outlook.com: domain of kevingreenwealth.co.uk
      15.20.8026.11 via Frontend Transport; Mon, 30 Sep 2024 1520:47 +0000
      2024 1620:47 +0100
      Transport; Mon, 30 Sep 2024 1620:47 +0100
      X-FEAS-DKIM:Valid
      Authentication-Results-Original:d1lvfort-seg03.hscni.net; spf=pass
      (hscni.netdomain of Diane@kevingreenwealth.co.uk designates 40.107.20.101
      ARC-Seal:i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
      ARC-Message-Signature:i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
      h=FromDate:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
      ARC-Authentication-Results:i=1; mx.microsoft.com 1; spf=fail (sender ip is
      DKIM-Signature:v=1; a=rsa-sha256; c=relaxed/relaxed;
      for <complaints.sppg@hscni.net>; Mon, 30 Sep 2024 1620:09 +0100
      by AM8PR07MB7364.eurprd07.prod.outlook.com (260310a6:20b:234::20) with
      X-MS-Exchange-Authentication-Results:spf=fail (sender IP is 198.244.221.46)
      via Frontend Transport; Mon, 30 Sep 2024 1520:08 +0000
      Content-Type:text; name="Swift_ach Complaints.sppgCQDM.html"
      Content-Transfer-Encoding:base64
      Content-Disposition:attachment;
      From:purchase ledger <diane@kevingreenwealth.co.uk>
      To:<complaints.sppg@hscni.net>
      Subject:Remmitance advice forHscni
      Message-ID:<6539c7ef-8732-1a74-58f1-28b91d94fe0a@kevingreenwealth.co.uk>
      Date:Mon, 30 Sep 2024 15:20:07 +0000
      MIME-Version:1.0
      X-EOPAttributedMessage:1
      X-MS-TrafficTypeDiagnostic:DB1PEPF00039233:EE_|AM8PR07MB7364:EE_|LN2PEPF000100CB:EE_|CWLP265MB6609:EE_|CWLP265MB4205:EE_
      X-MS-Office365-Filtering-Correlation-Id:a9f931bb-91bb-4e27-b22a-08dce16375ee
      X-MS-Exchange-SenderADCheck:1
      X-MS-Exchange-AntiSpam-Relay:0
      X-Microsoft-Antispam-Untrusted:BCL:0;ARA:13230040|36860700013|34070700014|82310400026|376014|1800799024|2613699012;
      X-Microsoft-Antispam-Message-Info-Original:=?us-ascii?Q?SfhHd5uIG5h+2lBpbZhvEn0ZUxur/9KIa6s5HuffYVMQ+1X4mNsYNWBBkoAA?=
      X-Forefront-Antispam-Report-Untrusted:CIP:198.244.221.46;CTRY:GB;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:[127.0.0.1];PTR:ip46.ip-198-244-221.eu;CAT:NONE;SFS:(13230040)(36860700013)(34070700014)(82310400026)(376014)(1800799024)(2613699012);DIR:OUT;SFP:1102;
      X-MS-Exchange-Transport-CrossTenantHeadersStamped:CWLP265MB6609
      X-FE-Attachment-Name:Swift_ach Complaints.sppgCQDM.html
      X-FEAS-Deferred:FortiSandbox
      X-FEAS-Client-IP:40.107.20.101
      X-FE-Last-Public-Client-IP:40.107.20.101
      X-FE-Envelope-From:Diane@kevingreenwealth.co.uk
      X-FE-Policy-ID:0:1:2:hscni.net
      Return-Path:Diane@kevingreenwealth.co.uk
      X-EXCLAIMER-MD-CONFIG:37216d10-4eef-4ad1-abf4-9cee3d15b130
      X-OrganizationHeadersPreserved:D1LVHSCMSX02.hscni.net
      X-MS-Exchange-Organization-ExpirationStartTime:30 Sep 2024 15:20:47.6357
      X-MS-Exchange-Organization-ExpirationStartTimeReason:OriginalSubmit
      X-MS-Exchange-Organization-ExpirationInterval:1:00:00:00.0000000
      X-MS-Exchange-Organization-ExpirationIntervalReason:OriginalSubmit
      X-MS-Exchange-Organization-Network-Message-Id:a9f931bb-91bb-4e27-b22a-08dce16375ee
      X-MS-Exchange-Organization-MessageDirectionality:Originating
      X-MS-Exchange-SkipListedInternetSender:ip=[40.107.20.101];domain=EUR05-DB8-obe.outbound.protection.outlook.com
      X-MS-Exchange-ExternalOriginalInternetSender:ip=[40.107.20.101];domain=EUR05-DB8-obe.outbound.protection.outlook.com
      X-CrossPremisesHeadersPromoted:LN2PEPF000100CB.GBRP265.PROD.OUTLOOK.COM
      X-CrossPremisesHeadersFiltered:LN2PEPF000100CB.GBRP265.PROD.OUTLOOK.COM
      X-MS-Exchange-Transport-CrossTenantHeadersStripped:LN2PEPF000100CB.GBRP265.PROD.OUTLOOK.COM
      X-MS-PublicTrafficType:Email
      X-MS-Exchange-Organization-AuthSource:D1LVHSCMSX05.hscni.net
      X-MS-Exchange-Organization-AuthAs:Anonymous
      X-OriginatorOrg:hscni.net
      X-MS-Office365-Filtering-Correlation-Id-Prvs:7919d574-db23-4630-3573-08dce1635e6f
      X-MS-Exchange-Organization-SCL:1
      X-Microsoft-Antispam:BCL:0;ARA:13230040|12062699021|35042699022|82310400026|2613699012|43540500003;
      X-Forefront-Antispam-Report:CIP:194.168.231.186;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:EUR05-DB8-obe.outbound.protection.outlook.com;PTR:mail-db8eur05on2101.outbound.protection.outlook.com;CAT:NONE;SFS:(13230040)(12062699021)(35042699022)(82310400026)(2613699012)(43540500003);DIR:INB;
      X-MS-Exchange-CrossTenant-OriginalArrivalTime:30 Sep 2024 15:20:47.5888
      X-MS-Exchange-CrossTenant-Network-Message-Id:a9f931bb-91bb-4e27-b22a-08dce16375ee
      X-MS-Exchange-CrossTenant-Id:8d733bf0-442e-4449-b747-a765ea359ff8
      X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp:TenantId=8d733bf0-442e-4449-b747-a765ea359ff8;Ip=[194.168.231.186];Helo=[Hscni.net]
      X-MS-Exchange-CrossTenant-AuthSource:D1LVHSCMSX05.hscni.net
      X-MS-Exchange-CrossTenant-AuthAs:Anonymous
      X-MS-Exchange-CrossTenant-FromEntityHeader:HybridOnPrem
      X-MS-Exchange-Transport-EndToEndLatency:00:00:03.1918121
      X-MS-Exchange-Processed-By-BccFoldering:15.20.8005.023
      X-Microsoft-Antispam-Mailbox-Delivery:ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003);
      X-Microsoft-Antispam-Message-Info:=?us-ascii?Q?3qLO15i1gIAiFLIYgMQusfqp5kS5PS1+FaSpce2we5z8PzBxf446OntaPvew?=
      date:Mon, 30 Sep 2024 17:20:07 +0200

      Icon Hash:c4e1928eacb280a2
      No network behavior found

      Target ID:0
      Start time:06:21:01
      Start date:01/10/2024
      Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
      Wow64 process (32bit):true
      Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Remmitance advice forHscni.msg"
      Imagebase:0x250000
      File size:34'446'744 bytes
      MD5 hash:91A5292942864110ED734005B7E005C0
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:high
      Has exited:false

      Target ID:2
      Start time:06:21:07
      Start date:01/10/2024
      Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "388AA240-9E71-4F26-A0C8-634E76D54D16" "12C360AC-2DD1-4039-AA67-B4F9D5F993C9" "2076" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
      Imagebase:0x7ff679190000
      File size:710'048 bytes
      MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:high
      Has exited:false

      No disassembly