Windows Analysis Report
4f81d9eb-1e04-000f-3ee3-baa7240c1fe2.eml

Overview

General Information

Sample name: 4f81d9eb-1e04-000f-3ee3-baa7240c1fe2.eml
Analysis ID: 1523644
MD5: b7a2983907085c64a58fd73a50245b09
SHA1: 1fb80e381050345c1541509e04452f73cd47488a
SHA256: bd7413d423ae5ff3fe45a2bdc92e65ad79c3c2e938a2f47f0104c92118c946ff

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Stores large binary data to the registry

Classification

  • System is w10x64
  • OUTLOOK.EXE (PID: 1176 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\4f81d9eb-1e04-000f-3ee3-baa7240c1fe2.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 5868 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "1256FA96-3472-4A23-B9A0-807F9DDD5703" "3F876BA8-2361-4CCF-98A6-68260E9F120D" "1176" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 1176, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched

There are no malicious signatures.

Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://service.officepy.microsoftusercontent.com/
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://service.powerapps.com
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://settings.outlook.com
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://shell.suite.office.com:1443
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://skyapi.live.net/Activity/
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://staging.cortana.ai
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://store.office.cn/addinstemplate
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://store.office.de/addinstemplate
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://substrate.office.com
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: 4f81d9eb-1e04-000f-3ee3-baa7240c1fe2.emlString found in binary or memory: https://support.=
Source: 4f81d9eb-1e04-000f-3ee3-baa7240c1fe2.emlString found in binary or memory: https://support.docusig=
Source: 4f81d9eb-1e04-000f-3ee3-baa7240c1fe2.emlString found in binary or memory: https://support.docusign.co=
Source: 4f81d9eb-1e04-000f-3ee3-baa7240c1fe2.eml, ~WRS{985F228E-76FA-4261-BFC3-FDAA4B67DEF3}.tmp.1.drString found in binary or memory: https://support.docusign.com/
Source: 4f81d9eb-1e04-000f-3ee3-baa7240c1fe2.emlString found in binary or memory: https://support.docusign.com/=
Source: 4f81d9eb-1e04-000f-3ee3-baa7240c1fe2.emlString found in binary or memory: https://support.docusign.com/en/articl=
Source: ~WRS{985F228E-76FA-4261-BFC3-FDAA4B67DEF3}.tmp.1.drString found in binary or memory: https://support.docusign.com/en/articles/How-do-I-manage-my-email-notifications
Source: 4f81d9eb-1e04-000f-3ee3-baa7240c1fe2.emlString found in binary or memory: https://support.docusign.com/en/guide=
Source: ~WRS{985F228E-76FA-4261-BFC3-FDAA4B67DEF3}.tmp.1.drString found in binary or memory: https://support.docusign.com/en/guides/Declining-to-sign-DocuSign-Signer-Guide
Source: ~WRS{985F228E-76FA-4261-BFC3-FDAA4B67DEF3}.tmp.1.drString found in binary or memory: https://support.docusign.com/s/articles/How-do-I-sign-a-DocuSign-document-Basic-Signing?language=en_
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://tasks.office.com
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://templatesmetadata.office.net/
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://webshell.suite.office.com
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://wus2.contentsync.
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://wus2.pagecontentsync.
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: 4f81d9eb-1e04-000f-3ee3-baa7240c1fe2.emlString found in binary or memory: https://www.docusign.com/features-and-benefits/mobile?utm_campai=
Source: ~WRS{985F228E-76FA-4261-BFC3-FDAA4B67DEF3}.tmp.1.drString found in binary or memory: https://www.docusign.com/features-and-benefits/mobile?utm_campaign=GBL_XX_DBU_UPS_2211_SignNotificat
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://www.odwebp.svc.ms
Source: 373679AD-14EB-4C24-A38F-BAD4F047100E.1.drString found in binary or memory: https://www.yammer.com
Source: classification engine; Classification label: clean1.winEML@3/11@0/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241001T1554160415-1176.etl
Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\4f81d9eb-1e04-000f-3ee3-baa7240c1fe2.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "1256FA96-3472-4A23-B9A0-807F9DDD5703" "3F876BA8-2361-4CCF-98A6-68260E9F120D" "1176" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Window found: window name: SysTabControl32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Behavior Graph ID: 1523644; Sample: 4f81d9eb-1e04-000f-3ee3-baa...; Startdate: 01/10/2024; Architecture: WINDOWS; Score: 1. Process tree: OUTLOOK.EXE started ai.exe.

No Antivirus matches
Source | Detection | Scanner | Label | Link
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
                  • URL Reputation: safe
                  unknown
                  https://ncus.contentsync.373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                  • URL Reputation: safe
                  unknown
                  https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                  • URL Reputation: safe
                  unknown
                  http://weather.service.msn.com/data.aspx373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                  • URL Reputation: safe
                  unknown
                  https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                  • URL Reputation: safe
                  unknown
                  https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                  • URL Reputation: safe
                  unknown
                  https://mss.office.com373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                  • URL Reputation: safe
                  unknown
                  https://pushchannel.1drv.ms373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                  • URL Reputation: safe
                  unknown
                  https://CA.docusign.net/Member/Image.aspx?i=3Dlogo&l=3D487e5df5-4e91-4cb1-=4f81d9eb-1e04-000f-3ee3-baa7240c1fe2.emlfalse
                    unknown
                    https://wus2.contentsync.373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://clients.config.office.net/user/v1.0/ios373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                    • URL Reputation: safe
                    unknown
                    https://ca.docusign.net/Signing/EmailStart.aspx?a=3D5bbcd29e-9cd=4f81d9eb-1e04-000f-3ee3-baa7240c1fe2.emlfalse
                      unknown
                      https://api.addins.omex.office.net/api/addins/search373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                      • URL Reputation: safe
                      unknown
                      https://support.docusig=4f81d9eb-1e04-000f-3ee3-baa7240c1fe2.emlfalse
                        unknown
                        https://outlook.office365.com/api/v1.0/me/Activities373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                        • URL Reputation: safe
                        unknown
                        https://clients.config.office.net/user/v1.0/android/policies373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                        • URL Reputation: safe
                        unknown
                        https://entitlement.diagnostics.office.com373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                        • URL Reputation: safe
                        unknown
                        https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                        • URL Reputation: safe
                        unknown
                        https://outlook.office.com/373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                          unknown
                          https://storage.live.com/clientlogs/uploadlocation373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                            unknown
                            https://login.microsoftonline.com373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                            • URL Reputation: safe
                            unknown
                            https://substrate.office.com/search/api/v1/SearchHistory373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                            • URL Reputation: safe
                            unknown
                            https://support.docusign.co=4f81d9eb-1e04-000f-3ee3-baa7240c1fe2.emlfalse
                              unknown
                              https://clients.config.office.net/c2r/v1.0/InteractiveInstallation373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                              • URL Reputation: safe
                              unknown
                              https://service.powerapps.com373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                              • URL Reputation: safe
                              unknown
                              https://graph.windows.net/373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                              • URL Reputation: safe
                              unknown
                              https://devnull.onenote.com373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                              • URL Reputation: safe
                              unknown
                              https://support.docusign.com/en/articles/How-do-I-manage-my-email-notifications~WRS{985F228E-76FA-4261-BFC3-FDAA4B67DEF3}.tmp.1.drfalse
                                unknown
                                https://messaging.office.com/373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                                • URL Reputation: safe
                                unknown
                                https://support.docusign.com/en/guides/Declining-to-sign-DocuSign-Signer-Guide~WRS{985F228E-76FA-4261-BFC3-FDAA4B67DEF3}.tmp.1.drfalse
                                  unknown
                                  https://CA.docusign.net/member/Image=4f81d9eb-1e04-000f-3ee3-baa7240c1fe2.emlfalse
                                    unknown
                                    https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://skyapi.live.net/Activity/373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                                    • URL Reputation: safe
                                    unknown
                                    https://support.docusign.com/en/articl=4f81d9eb-1e04-000f-3ee3-baa7240c1fe2.emlfalse
                                      unknown
                                      https://support.docusign.com/en/guide=4f81d9eb-1e04-000f-3ee3-baa7240c1fe2.emlfalse
                                        unknown
                                        https://api.cortana.ai373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                                          unknown
                                          https://messaging.action.office.com/setcampaignaction373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                                          • URL Reputation: safe
                                          unknown
                                          https://visio.uservoice.com/forums/368202-visio-on-devices373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                                          • URL Reputation: safe
                                          unknown
                                          https://staging.cortana.ai373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                                          • URL Reputation: safe
                                          unknown
                                          https://onedrive.live.com/embed?373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                                            unknown
                                            https://augloop.office.com373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                                            • URL Reputation: safe
                                            unknown
                                            https://api.diagnosticssdf.office.com/v2/file373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                                            • URL Reputation: safe
                                            unknown
                                            https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                                            • URL Reputation: safe
                                            unknown
                                            https://officepyservice.office.net/373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                                            • URL Reputation: safe
                                            unknown
                                            https://api.diagnostics.office.com373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                                            • URL Reputation: safe
                                            unknown
                                            https://store.office.de/addinstemplate373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                                            • URL Reputation: safe
                                            unknown
                                            https://wus2.pagecontentsync.373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                                            • URL Reputation: safe
                                            unknown
                                            https://api.powerbi.com/v1.0/myorg/datasets373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                                            • URL Reputation: safe
                                            unknown
                                            https://ca.docusign.net/Signing/EmailStart.aspx?a=5bbcd29e-9cdf-4b4a-b28e-2fcc78e48557&etti=24&acct=~WRS{985F228E-76FA-4261-BFC3-FDAA4B67DEF3}.tmp.1.drfalse
                                              unknown
                                              https://cortana.ai/api373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                                              • URL Reputation: safe
                                              unknown
                                              http://schema.org/Creat=4f81d9eb-1e04-000f-3ee3-baa7240c1fe2.emlfalse
                                                unknown
                                                https://docucdn-a.akamaihd.net/olive/images/2.62.0/global-assets/email-templates/email-logo.png~WRS{985F228E-76FA-4261-BFC3-FDAA4B67DEF3}.tmp.1.drfalse
                                                  unknown
                                                  https://api.diagnosticssdf.office.com373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  https://login.microsoftonline.com/373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  https://api.addins.omex.office.net/appinfo/query373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  https://clients.config.office.net/user/v1.0/tenantassociationkey373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  https://powerlift.acompli.net373679AD-14EB-4C24-A38F-BAD4F047100E.1.drfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  No contacted IP infos
                                                  Joe Sandbox version:41.0.0 Charoite
                                                  Analysis ID:1523644
                                                  Start date and time:2024-10-01 21:53:02 +02:00
                                                  Joe Sandbox product:CloudBasic
                                                  Overall analysis duration:0h 5m 4s
                                                  Hypervisor based Inspection enabled:false
                                                  Report type:full
                                                  Cookbook file name:default.jbs
                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                  Number of analysed new started processes analysed:8
                                                  Number of new started drivers analysed:0
                                                  Number of existing processes analysed:0
                                                  Number of existing drivers analysed:0
                                                  Number of injected processes analysed:0
                                                  Technologies:
                                                  • HCA enabled
                                                  • EGA enabled
                                                  • AMSI enabled
                                                  Analysis Mode:default
                                                  Analysis stop reason:Timeout
                                                  Sample name:4f81d9eb-1e04-000f-3ee3-baa7240c1fe2.eml
                                                  Detection:CLEAN
                                                  Classification:clean1.winEML@3/11@0/0
                                                  EGA Information:Failed
                                                  HCA Information:
                                                  • Successful, ratio: 100%
                                                  • Number of executed functions: 0
                                                  • Number of non-executed functions: 0
                                                  Cookbook Comments:
                                                  • Found application associated with file extension: .eml
                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                  • Excluded IPs from analysis (whitelisted): 52.109.76.240, 52.113.194.132, 20.42.65.91
                                                  • Excluded domains from analysis (whitelisted): ecs.office.com, slscr.update.microsoft.com, prod.configsvc1.live.com.akadns.net, onedscolprdeus17.eastus.cloudapp.azure.com, s-0005-office.config.skype.com, mobile.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, ecs-office.s-0005.s-msedge.net, neu-azsc-config.officeapps.live.com, s-0005.s-msedge.net, config.officeapps.live.com, officeclient.microsoft.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net, mobile.events.data.trafficmanager.net
                                                  • Not all processes where analyzed, report is missing behavior information
                                                  • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                  • VT rate limit hit for: 4f81d9eb-1e04-000f-3ee3-baa7240c1fe2.eml
                                                  No simulations
Input: URL: Email Model: jbxai
Output:
{
"brand":[],
"contains_trigger_text":false,
"trigger_text":"",
"prominent_button_name":"unknown",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}
                                                  No context
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):231348
                                                  Entropy (8bit):4.388309285045891
                                                  Encrypted:false
                                                  SSDEEP:3072:8JgrJngJmiGu2S6qoQCrt0FvqZ2moq9kN:8owmi2SH42moq9m
                                                  MD5:80A542F9E63AE623D31CF6F726717C26
                                                  SHA1:2D32410E740C27D5158A5009B9EAC288D6501698
                                                  SHA-256:4E9480B2F8695FC884E55326B175D8828414C47FF2C49D258195B4776C8577BE
                                                  SHA-512:41C289638FC6CCE1BBF81EB5FB49BC87BB167A6D0F6D671EE7C9CF23391B3539A1F01CDE8FE82C368F68B3CF1A1A5316A3543A21EE9D76B17BF03701B9FA0F96
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview:TH02...... .P7%.;.......SM01X...,...pP..;...........IPM.Activity...........h...............h............H..hd.......>..b...h.........4..H..h\tin ...pDat...h.w..0..........h~.A............h........_`1k...h2.A.@...I.Rw...h....H...8.6k...0....T...............d.........2h...............k..............!h.............. h..,..........#h....8.........$h.4......8....."hHe......(j....'h..............1h~.A.<.........0h....4....6k../h....h.....6kH..h....p...d.....-h .............+h..A.....X................... ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):177088
                                                  Entropy (8bit):5.2867444528449905
                                                  Encrypted:false
                                                  SSDEEP:1536:Ci2XfRAqcbH41gwEwLe7HW8bM/o/NM5cAZl1p5ihs7EXXCEAD2OdaLI:3Ce7HW8bM/o/9XPkiI
                                                  MD5:4BE85C396D4326546A18271A5BCF2E72
                                                  SHA1:90A8139970B14C3E9A58372649703657EA7C6A8B
                                                  SHA-256:D4F34E5C758F16CB422D58373EE80B20A2A43D3968B7EDE208B05C22B627BCC6
                                                  SHA-512:CBD24906C656CE9BB9792947186C6180C1EE27CE03CC125C47522886510831955C06D94013CBC6B0B87B220C81E2A39FD4DEB2C7548717EC2F442E9B6F4541E0
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-10-01T19:54:19">.. Build: 16.0.18112.40129-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):32768
                                                  Entropy (8bit):0.04595739460260245
                                                  Encrypted:false
                                                  SSDEEP:3:Gtlxtjl2qcTVKmZiottlxtjl2qcTVKmZ6//jR9//8l1lvlll1lllwlvlllglbelL:GtA3RtA3g/t9X01PH4l942wU
                                                  MD5:A060C7A1ADFCDE545E5F010A039CE908
                                                  SHA1:17E22649F29DC8B385B7420810F86828669DA81E
                                                  SHA-256:A2EBC1C95649C1EB331D268CC084B67A8D92118036A4DB2144E864ECE1E85CCF
                                                  SHA-512:289D25A8231667A85AED5532B9797C756D401479C917D872A629D5E0BA8B91D9A4946C9D8B3B1920EACF10708DD897461EB8B8C5A4C15B10E5DB954D3A1A5B72
                                                  Malicious:false
                                                  Reputation:low
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:SQLite Write-Ahead Log, version 3007000
                                                  Category:modified
                                                  Size (bytes):49472
                                                  Entropy (8bit):0.4833808936782817
                                                  Encrypted:false
                                                  SSDEEP:48:LNEyQ14vUll7DYMI+TzO8VFDYMZLBO8VFDYML:YW8ll4ujVGYFjVGC
                                                  MD5:3C78C834C0EF9C7236B2B30C7C3981FC
                                                  SHA1:889BCF7E6A9803D8A8DDA159669AF3088BAF42BD
                                                  SHA-256:1D438A41399463CAB2891FBBA678616CF43CD3F47124D90E857FF76B84B26C33
                                                  SHA-512:96BBA8421ADC95DC4DE55C21E204ACA49C557EDE6A60194A668DFD76D6F40AE7209052E9AA850C3D7A9BBD25AB311D7F0C0543E53DDF3BEFE1E21E32CA6C9647
                                                  Malicious:false
                                                  Reputation:low
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):15332
                                                  Entropy (8bit):3.876534806290498
                                                  Encrypted:false
                                                  SSDEEP:384:RlY++QQPUMJN0p2188ooooxMMe6sMh+0:RAJGp2XooooxM4+0
                                                  MD5:2F707C2B607C8FD474DF3B554B189314
                                                  SHA1:0D7C897533491D8F3FD68267674B41813364C1F0
                                                  SHA-256:263F0828513BE455EEFA3B54E4FAC223546A50A767014532FB13477AB46F7E2E
                                                  SHA-512:D5CF43DCA84F494A22EE963C97D44E23CA3088BF1C6818533CFA1C2D321F7A1B796C4314E269B5879D91831D6C593FB2355DC4FBE6A3FB26B1D4E5C35739AAB2
                                                  Malicious:false
                                                  Reputation:low
Preview:[Caution: External]
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:ASCII text, with very long lines (28775), with CRLF line terminators
                                                  Category:dropped
                                                  Size (bytes):20971520
                                                  Entropy (8bit):0.160802992235707
                                                  Encrypted:false
                                                  SSDEEP:1536:d4rTdDZZTU6DKpc9Z8FP+H3K0Sfwg5jNx4l3ruOFQCw5BQ:mDTzDK6c3t
                                                  MD5:75B1339E4E7947E82C635A73DB01A5D2
                                                  SHA1:1C024B1AE2C8027E7E350CD4AFB59847D73C8FA9
                                                  SHA-256:6CCC38CF94F6902646BC5D6304B182A856C24DA6833B71D885AF7F5D47FA0CD4
                                                  SHA-512:12995846CC55B1A8912A353B99DD43FAD0A40BF3310372F58007D05081CC2949930926EC7497214B17BA525A2498A194801DBCD36E58C62762F1EDBB79E6DAB0
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/01/2024 19:54:16.962.OUTLOOK (0x498).0x1758.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":22,"Time":"2024-10-01T19:54:16.962Z","Contract":"Office.System.Activity","Activity.CV":"aOPxRYENWUus8q5mGI49tQ.4.9","Activity.Duration":17,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...10/01/2024 19:54:16.978.OUTLOOK (0x498).0x1758.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":24,"Time":"2024-10-01T19:54:16.978Z","Contract":"Office.System.Activity","Activity.CV":"aOPxRYENWUus8q5mGI49tQ.4.10","Activity.Duration":11858,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorVer
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):20971520
                                                  Entropy (8bit):0.0
                                                  Encrypted:false
                                                  SSDEEP:3::
                                                  MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                                  SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                                  SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                                  SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                                  Malicious:false
                                                  Reputation:high, very likely benign file
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):106496
                                                  Entropy (8bit):4.490865761109458
                                                  Encrypted:false
                                                  SSDEEP:768:IVAbd6DnyvygpffC42m9M+W0uGXCtYdWiWwGKYAy7sRI:a42m9M+WeXEvsO
                                                  MD5:3BE64E3E2E916C9B218747F5DFCEE286
                                                  SHA1:1E5F7BA0593EBE2085DED4A932A76089C4143292
                                                  SHA-256:14E2A56A6AA7D841F50484D7047D3C25DB66F6D7645D28304417E33C3955261C
                                                  SHA-512:2D86B607E14F5362489636A9FDDA4ABAA8DC2B3E6406AD38599C26003D8D431C007DBEEF543061B0B7EC456C3A4B1813F3336582EDC368608DD5E0C5ABB10719
                                                  Malicious:false
                                                  Reputation:low
                                                  Preview:............................................................................^...X.......@.F.;...................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1............................................................>-.]...........@.F.;...........v.2._.O.U.T.L.O.O.K.:.4.9.8.:.a.e.7.9.f.2.4.c.1.9.4.a.4.0.1.7.a.f.d.3.a.5.a.8.d.7.5.0.a.6.4.f...C.:.\.U.s.e.r.s.\.t.i.n.a.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.0.0.1.T.1.5.5.4.1.6.0.4.1.5.-.1.1.7.6...e.t.l.........P.P.X.......@.F.;...........................................................................................................................................................................................................................................................................................................
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):30
                                                  Entropy (8bit):1.2389205950315936
                                                  Encrypted:false
                                                  SSDEEP:3:0jlJt:0Z
                                                  MD5:7F9EB6AA60E32C9109D947F467D9D04B
                                                  SHA1:1DBF6B5DD63C4E9601C35569F1FE978E6C57C7F5
                                                  SHA-256:F34E7B00B9892F898BD0BC72D70AD6CDF2A316D964015E5382AC6BA1BAFCD71D
                                                  SHA-512:E3300D33FB42C417D7EF60CB2BA383F6678A25D2888742B35834C2C234EBD57F0678C9A7553F6DD10C6922C06B91BF75A8769334FDD124EAA71CA876B7750306
                                                  Malicious:false
                                                  Reputation:low
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:Microsoft Outlook email folder (>=2003)
                                                  Category:dropped
                                                  Size (bytes):271360
                                                  Entropy (8bit):2.6691487778262584
                                                  Encrypted:false
                                                  SSDEEP:1536:DTEq72jKAY6RtAHsuXZhT+N84wiApZqtjJXOfTj6W53jEpEHP4qQ10PAwroDDlD3:v1qjvA9BhQjVOgp9B8Np9
                                                  MD5:AD7D1491D48BC706E038CF18A0933015
                                                  SHA1:EDD6E242C4A946BDB37ECC2EC13F51EB20476CF5
                                                  SHA-256:75A50591D7F242D48A2DA9C0A1FA2C3A52115D8297D2B9152DD41F8FAEAAA771
                                                  SHA-512:9E7CBDCA196CA88524900D54C5962CE5AC003BE34300131F1E70F15A2C4B6914DDECFAA81BAD3BCFD4B528DAD244B905224862C03A5D10FC0AEFF1FDF40F2295
                                                  Malicious:false
                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                  File Type:data
                                                  Category:dropped
                                                  Size (bytes):131072
                                                  Entropy (8bit):2.492674804309223
                                                  Encrypted:false
                                                  SSDEEP:1536:oW53jEpEHP4qQ10PAwr1fDOM85DDp0pqT:qp9Jbp3
                                                  MD5:6AA53B07CDEED90A59035EB211224792
                                                  SHA1:B484A9AD591470813F25F9A23D3A7ADFC6BE92EB
                                                  SHA-256:CC8FFF8A39AB397CF874AA2E503364BD765EBC876C5E603C934F962810FF120C
                                                  SHA-512:647D0F7F8419DD5E843B369D7C8C0C823001CA9E8E2EE85A24CAF89B7F725498775EE686F70F2B64D7F25C52DEC04FDF13E40BF052BA9FE9E56E920F52985C40
                                                  Malicious:false
                                                  File type:RFC 822 mail, ASCII text, with CRLF line terminators
                                                  Entropy (8bit):5.91803365300272
                                                  TrID:
                                                  • E-Mail message (Var. 5) (54515/1) 100.00%
                                                  File name:4f81d9eb-1e04-000f-3ee3-baa7240c1fe2.eml
                                                  File size:23'227 bytes
                                                  MD5:b7a2983907085c64a58fd73a50245b09
                                                  SHA1:1fb80e381050345c1541509e04452f73cd47488a
                                                  SHA256:bd7413d423ae5ff3fe45a2bdc92e65ad79c3c2e938a2f47f0104c92118c946ff
                                                  SHA512:4717d59f0c98aa0caca8c3770e08a3d4903d96bb346deb292f7c8dcedadcf80739bda3363676db46a91cbf7cd8857bb0071cb0dc996c1f5e1961bc02aa5ccc63
                                                  SSDEEP:384:esfSZaHI/OIE5fq415p620Fye/h9o1nvpMKB4YaerS:esfRoWz5C41r620Fg+KB4nerS
                                                  TLSH:DCA22B7182525827D9731135B0017D89B660BC0E6AB686D0B42F713B6D9F8323FB7B8E
                                                  File Content Preview:Received: from BY3PR10CA0029.namprd10.prod.outlook.com (2603:10b6:a03:255::34).. by SA1PR02MB8350.namprd02.prod.outlook.com (2603:10b6:806:1e5::17) with.. Microsoft SMTP Server (version=TLS1_2,.. cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8005
                                                  Subject:Complete with Docusign: ATB/Burner Loan - HWN Guarantor Documents
                                                  From:Alexia Ebio via Docusign <dse@camail.docusign.net>
                                                  To:John Oberg <joberg@hwnenergy.com>
                                                  Cc:
                                                  BCC:
                                                  Date:Mon, 30 Sep 2024 22:01:30 +0000
                                                  Communications:
                                                  • [Caution: External] [https://CA.docusign.net/Member/Image.aspx?i=logo&l=487e5df5-4e91-4cb1-852c-51db4823e2b0] [https://CA.docusign.net/member/Images/email/docInvite-white.png] Alexia Ebio sent you a document to review and sign. REVIEW DOCUMENTS <https://ca.docusign.net/Signing/EmailStart.aspx?a=5bbcd29e-9cdf-4b4a-b28e-2fcc78e48557&etti=24&acct=e6e023fe-9699-47d0-a744-d26d6a98d851&er=572c6655-40bb-4367-b177-8ee1a24d93d9> Alexia Ebio aebio@parlee.com John Oberg, Complete with Docusign: 05. Corporate Guarantee Resolution (Certified).DOCX, 06. Guarantor's Resolutions.DOCX, 07. Officer's Certificate (Guarantor).DOCX - Compatibility Mode.pdf, 09. Continuing Guarantee Unlimited (HWN Energy).DOCX, Guarantor's Resolutions (MB).DOCX, 11. Postponement and Assignment of Claims (2624362 Alberta) (C7860052x7ADDC).DOCX Thank You, Alexia Ebio Powered by [Docusign] Do Not Share This Email This email contains a secure link to Docusign. Please do not share this email, link, or access code with others. Alternate Signing Method Visit Docusign.com, click 'Access Documents', and enter the security code: 5BBCD29E9CDF4B4AB28E2FCC78E485576 About Docusign Sign documents electronically in just minutes. It's safe, secure, and legally binding. Whether you're in an office, at home, on-the-go -- or even across the globe -- Docusign provides a professional trusted solution for Digital Transaction Management. Questions about the Document? If you need to modify the document or have questions about the details in the document, please reach out to the sender by emailing them directly. 
Stop receiving this email Report this email<https://protect.docusign.net/report-abuse?e=AUtomjpFak9GlbPL0zFFi11R5ua55B6ubM-iUgMbF13bwFw5v8YRuL6dqgMMe4QpTzreCmuIe497GtoXLuVyMNCyM_lszwldv9geGKg823idAMpF4bSuc6c80CEaky_LjB7rK9sTbUDqLEAsGQe4le8S6ZWz2UNDwTDFr385HPOXgVS8b_FWfO00TQw_yXm3iep_fo67tKji2f4XU44VKvmX3S_ah_C3M2H-Im1iHInozpYHbpC4n7WWBZ_7t3LB-cMtYzD_iRw_iWi5_2YEqnROeyUG6z2L_ocEPWE-kMTppdR4nkk8DtSMB7p_0Q_h0-l42Pk-YbyN5C-mu3nn3TIPf6z1WKptAapy7HbaWyQf6-EDHtzvzcb6IanmH1NCnXg1qgxLSPYZ0BDtk45LjOETSd_FfjyFSkt9JAQBeSUMfig4np-eXJMNVuY_swNa9A&lang=en> or read more about Declining to sign<https://support.docusign.com/en/guides/Declining-to-sign-DocuSign-Signer-Guide> and Managing notifications<https://support.docusign.com/en/articles/How-do-I-manage-my-email-notifications>. If you have trouble signing, visit "How to Sign a Document<https://support.docusign.com/s/articles/How-do-I-sign-a-DocuSign-document-Basic-Signing?language=en_US&utm_campaign=GBL_XX_DBU_UPS_2211_SignNotificationEmailFooter&utm_medium=product&utm_source=postsend>" on our Docusign Support Center<https://support.docusign.com/>, or browse our Docusign Community<https://community.docusign.com/esignature-111?utm_campaign=GBL_US_PRD_AWA_2405_CommunityCTA&utm_medium=email&utm_source=postsend> for more information. [https://docucdn-a.akamaihd.net/olive/images/2.62.0/global-assets/email-templates/icon-download-app.png]Download the Docusign App <https://www.docusign.com/features-and-benefits/mobile?utm_campaign=GBL_XX_DBU_UPS_2211_SignNotificationEmailFooter&utm_medium=product&utm_source=postsend> This message was sent to you by Alexia Ebio who is using the Docusign Electronic Signature Service. If you would rather not receive email from this sender you may contact the sender with your request. [Caution: External] This is an external email and may be malicious. Please take care when clicking links or opening attachments.
                                                  Attachments:
                                                    Key Value
                                                    Received from camail.docusign.net ([127.0.0.1]) by QC1FE62.CAAD.docusign.net with Microsoft SMTPSVC(10.0.17763.1697); Mon, 30 Sep 2024 22:01:30 +0000
                                                    Authentication-Results spf=pass (sender IP is 64.207.219.135) smtp.mailfrom=camail.docusign.net; dkim=pass (signature was verified) header.d=camail.docusign.net;dmarc=pass action=none header.from=camail.docusign.net;compauth=pass reason=100
                                                    Received-SPF Pass (protection.outlook.com: domain of camail.docusign.net designates 64.207.219.135 as permitted sender) receiver=protection.outlook.com; client-ip=64.207.219.135; helo=mailda.docusign.net; pr=C
                                                    DKIM-Signature v=1; a=rsa-sha256; c=relaxed/simple; d=camail.docusign.net; s=mail1; t=1727733691; bh=x6KH5AlQBcOobNUxr+0DTeNaMMzWLpSHabnymDEo6/M=; h=From; b=gXo6hLcUZGvnxJjiZPDPv0NB5hXS36m/h0G7F3+078d4vLZIwuhhoX74evsumA17l BpGms1Ns83zPkPiQHGEBYB4s7qAsOzJnVkrPC+nSRDrgQS3r/lnE+vL+e51o+r4wcG jWN113ydewYG/D5cZU4KdXOdLsBY6/w74lSViMXz3TnImLOPysvS9EkMNGiNneUgGa XacbZV7qHa7P9gYCuLu4bR1B9XNvJG8qHjQq0+4MTcP5bt95Q/Eshz+C//u2Mzvh86 tJZ2M4n0tNXP66TxLxA5u+CDveZvvkX5ySFFqwizjz7Wui7zOVdZ8wOKREK4qxQnoF DAThwv+S8T1VA==
                                                    Sender DocuSign CA System <dse@camail.docusign.net>
                                                    Reply-To Alexia Ebio <aebio@parlee.com>
                                                    Recipient-Id 572c6655-40bb-4367-b177-8ee1a24d93d9
                                                    X-Debug False
                                                    X-Email-Rejection-Mode LearningMode
                                                    X-Api-Host ca.docusign.net
                                                    Site-Id 6
                                                    X-BounceEmailVersion 1
                                                    From Alexia Ebio via Docusign <dse@camail.docusign.net>
                                                    To John Oberg <joberg@hwnenergy.com>
                                                    Message-ID <b1c180e2a96b44f492a68919f3dcf013@camail.docusign.net>
                                                    Date Mon, 30 Sep 2024 22:01:30 +0000
                                                    Subject Complete with Docusign: ATB/Burner Loan - HWN Guarantor Documents
                                                    MIME-Version 1.0
                                                    Content-Type multipart/alternative; boundary="----=_NextPart_B51BD15C_F34E_473C_9B29_51A07E6485D3"
                                                    X-OriginalArrivalTime 30 Sep 2024 22:01:30.0051 (UTC) FILETIME=[4DDD2130:01DB1384]
                                                    Return-Path dse@camail.docusign.net
                                                    X-EOPAttributedMessage 0
                                                    X-EOPTenantAttributedMessage 358b80b3-b792-470b-a1c4-c5247643c1b6:0
                                                    X-MS-PublicTrafficType Email
                                                    X-MS-TrafficTypeDiagnostic SJ1PEPF000023CE:EE_|SA1PR02MB8350:EE_
                                                    X-MS-Office365-Filtering-Correlation-Id 64a6a0cd-4d5b-45a1-f09d-08dce19b71db
                                                    X-MS-Exchange-AtpMessageProperties SA|SL|HVE
                                                    X-Forefront-Antispam-Report CIP:64.207.219.135;CTRY:US;LANG:en;SCL:8;SRV:;IPV:NLI;SFV:SPM;H:mailda.docusign.net;PTR:mailda.docusign.net;CAT:HPHISH;SFS:(13230040)(35002699018)(13012899012)(69100299015)(5062899012)(12012899012)(13102899012)(1032899013)(3092899012)(2092899012)(3072899012)(4092899012);DIR:INB;
                                                    X-Microsoft-Antispam BCL:3;ARA:13230040|35002699018|13012899012|69100299015|5062899012|12012899012|13102899012|1032899013|3092899012|2092899012|3072899012|4092899012;

                                                    Icon Hash:46070c0a8e0c67d6
                                                    No network behavior found

                                                    Target ID:1
                                                    Start time:15:54:11
                                                    Start date:01/10/2024
                                                    Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\4f81d9eb-1e04-000f-3ee3-baa7240c1fe2.eml"
                                                    Imagebase:0x850000
                                                    File size:34'446'744 bytes
                                                    MD5 hash:91A5292942864110ED734005B7E005C0
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:false

                                                    Target ID:4
                                                    Start time:15:54:18
                                                    Start date:01/10/2024
                                                    Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "1256FA96-3472-4A23-B9A0-807F9DDD5703" "3F876BA8-2361-4CCF-98A6-68260E9F120D" "1176" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                                                    Imagebase:0x7ff7a2470000
                                                    File size:710'048 bytes
                                                    MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:false

                                                    No disassembly