Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Axactor Microsoft - Introduksjonsm#U00f8te.msg

Overview

General Information

Sample name:	Axactor Microsoft - Introduksjonsm#U00f8te.msg renamed because original name is a hash value
Original sample name:	Axactor Microsoft - Introduksjonsmte.msg
Analysis ID:	1524034
MD5:	753e07dc560986e69a18fd3ec1bcce68
SHA1:	ebe1bb8775e0f44126f1806aacfefcd0bac08734
SHA256:	d7fbed810d6e04385a98349f8e3a76904bd13799bd1e4035f5ceb8216cc54460
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Queries the volume information (name, serial number etc) of a device

Sigma detected: Office Autorun Keys Modification

Stores large binary data to the registry

Classification

×

Process Tree

System is w10x64_ra

OUTLOOK.EXE (PID: 2668 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Axactor Microsoft - Introduksjonsm#U00f8te.msg" MD5: 91A5292942864110ED734005B7E005C0)

ai.exe (PID: 2104 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "CC7A2BEE-2601-4BC5-8135-28ECC8573887" "DB589ACD-F139-4868-9435-FA7AB6F7BBEA" "2668" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

Sigma detected: Office Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 2668, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: classification engine

Classification label: clean1.winMSG@3/20@0/59

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241002T0633220054-2668.etl

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File read: C:\Users\desktop.ini

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Axactor Microsoft - Introduksjonsm#U00f8te.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "CC7A2BEE-2601-4BC5-8135-28ECC8573887" "DB589ACD-F139-4868-9435-FA7AB6F7BBEA" "2668" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "CC7A2BEE-2601-4BC5-8135-28ECC8573887" "DB589ACD-F139-4868-9435-FA7AB6F7BBEA" "2668" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Window found: window name: SysTabControl32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value created or modified: unknown 1

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Process information queried: ProcessInformation

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Modify Registry	LSASS Memory	1 File and Directory Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Process Injection	Security Account Manager	12 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
bg.microsoft.map.fastly.net	0%	Virustotal		Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	0%, Virustotal, Browse	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
52.113.194.132	unknown	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
2.19.126.151	unknown	European Union		16625	AKAMAI-ASUS	false
52.109.28.47	unknown	United States		8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
51.105.71.137	unknown	United Kingdom		8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
199.232.214.172	bg.microsoft.map.fastly.net	United States		54113	FASTLYUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1524034
Start date and time:	2024-10-02 12:32:49 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	Axactor Microsoft - Introduksjonsm#U00f8te.msg renamed because original name is a hash value
Original Sample Name:	Axactor Microsoft - Introduksjonsmte.msg
Detection:	CLEAN
Classification:	clean1.winMSG@3/20@0/59
Cookbook Comments:	Found application associated with file extension: .msg

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, TextInputHost.exe
Excluded IPs from analysis (whitelisted): 52.113.194.132, 52.109.28.47, 2.19.126.151, 2.19.126.160, 199.232.214.172, 51.105.71.137
Excluded domains from analysis (whitelisted): ecs.office.com, omex.cdn.office.net, self-events-data.trafficmanager.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, eur.roaming1.live.com.akadns.net, osiprod-uks-buff-azsc-000.uksouth.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, onedscolprduks03.uksouth.cloudapp.azure.com, uks-azsc-000.roaming.officeapps.live.com, login.live.com, s-0005.s-msedge.net, ecs.office.trafficmanager.net, omex.cdn.office.net.akamaized.net, wu-b-net.trafficmanager.net, a1864.dscd.akamai.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.

LLM Input / Output

Input	Output
URL: Email Model: jbxai	{ "Status":"Unavailable"}
	{ "Status":"Unavailable"}

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	data
Category:	dropped
Size (bytes):	338
Entropy (8bit):	3.4657220944431426
Encrypted:	false
SSDEEP:
MD5:	0719B3DA2D1940342CF580C95F00DD10
SHA1:	5AB192C186109ABD0FF0F4DFE9595B11DF769831
SHA-256:	A3A05902B1AEC2960CFF4C8CE4133398110A35CD50E97C18E8125D8C885439EA
SHA-512:	35267CD35FC6742900CDA5E7FD4AE7917B21966A6F8460785B6AD1216381215EA800CA2874E40D444FE168239EC1B8BA1EAB37FF73547BF72666734F6BAC1AA1
Malicious:	false
Reputation:	unknown
Preview:	p...... ........?.......(...............................................B:.VZ.. .........p.........$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".7.4.6.7.8.7.a.3.f.0.d.9.1.:.0."...

C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	data
Category:	dropped
Size (bytes):	231348
Entropy (8bit):	4.390305475555932
Encrypted:	false
SSDEEP:
MD5:	29CFFB3AAC3DA2CFA9B41CA40A710052
SHA1:	25A80474446C337EBF55A63B9195603CAFCC0290
SHA-256:	97116C4411FAC69F4BEA9776765CF2688CFA8359994499DB3313AC0BF44C63AC
SHA-512:	36930847AC4A85BD0DAE399A57B596F24BFF69CF9AA4C00CF4A1E55EA8265267FB513763FDAED1A906CAC6666F2E27FD5F40DC8B993BC2E7A03B786E085A9141
Malicious:	false
Reputation:	unknown
Preview:	TH02...... ...ku........SM01X...,...@B[u............IPM.Activity...........h...............h............H..ht./......."....h.........7e.H..h\tor ...AppD...hxTV.0..../....hl.c...f........h........_`.k...h .c.@...I.+w...h....H...8..k...0....T...............d.........2h...............k..............!h.............. hf......../...#h....8.........$h.7e.....8....."h........P.....'h..4...........1hl.c.<.........0h....4.....k../h....h......kH..h .f.p...t./...-h ........./...+h.c....h./................. ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	322260
Entropy (8bit):	4.000299760592446
Encrypted:	false
SSDEEP:
MD5:	CC90D669144261B198DEAD45AA266572
SHA1:	EF164048A8BC8BD3A015CF63E78BDAC720071305
SHA-256:	89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
SHA-512:	16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
Malicious:	false
Reputation:	unknown
Preview:	51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:76bd602437550e98c9043d06a55186ab7d95dea5a0e935a599f73e62a8c9b158e0afcb19351f6c353940c06a38172b94d18c02cf92bb8a80184eccca0392b259ab3e71dae73e491c7941997cb36ad4a198661f622dad478d840f66d530a0dde78acea3367f91fff62fbb3dc18faff0c708ad30edef5bea8b22c5fd782b770d8993386eaa784fd19a3c3e1db3b537b1a94d3d4fbd46f8df8fddf6d16611969fe0a97c50e0f3ac24750c93257cf5c161184aa7385800c87d803b339632a3d8ec7fe17a0afd83ce9e9d0e3f7b8d579637928a811f1f7e6d1887df2ddc7d4f752c4d600235e426c92c7bf8a1362f95457998cc0e5d4261f0efa4fada0f866dbcefb407dacab7a2914e91c2f08200f38c2d9d621962145b1464b0f204b326118a53ecdcab22bff005fdd5257c99a6dc51ac0600a49f2ef782396987e78c08b846dad5db55e8ccefffc64863bc2c3e90b95a09d25d0814a848c98fe01a82d4e30e6682dd546e12c45ca0d280a45295ab4bd632dafb070edfdc3c9e38313d5aeb195972986f8011b66817028fd8c78b67a0ac7e780eecc3fb6a31f5a025b8a9a3db278a98c0696aeaac739b18688b0f9c7d751bba02cc5f4e41853fb119b3c0c915059aaa92971244a1989124f12881ca88e6410df70b793a2c3a736ff4

C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	10
Entropy (8bit):	2.7219280948873625
Encrypted:	false
SSDEEP:
MD5:	54767607C256A08B2DDDCDBBAB97C3E6
SHA1:	D8860ACF338C09142E06808395971D9C427D200F
SHA-256:	328EF9EC8B82903465D5CC4B2239DC85A32F3699FE86BB64BDD7ED56CF719372
SHA-512:	EB6F75BDE489CD95445A9A850F8EDC309521FCC9787806EB00DCBEA661C5B28263EF9404AC84F4A68AEEFF91505352FB602ED4BCADEFC9E97AFD30381D7062D3
Malicious:	false
Reputation:	unknown
Preview:	1727865205

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
Category:	dropped
Size (bytes):	4096
Entropy (8bit):	0.09216609452072291
Encrypted:	false
SSDEEP:
MD5:	F138A66469C10D5761C6CBB36F2163C3
SHA1:	EEA136206474280549586923B7A4A3C6D5DB1E25
SHA-256:	C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
SHA-512:	9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......................................................................... .....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	4616
Entropy (8bit):	0.1370048545379396
Encrypted:	false
SSDEEP:
MD5:	5BD120A8639BD578F532B708550B413A
SHA1:	E374CFA86BA7AFB0FA0407F05C37F57F40D55C48
SHA-256:	C49B97149C825559779E12FDB484FAB9FD2C17267FE52254AEADAD90068AC472
SHA-512:	FB25914885C6ED8F19732E971FC8F719FF92B25BDD9AD7E4CFA4F468E56610744E7718B96AEC09AA5F4C37A6B117F1DC92165D51C6503251C96E1F644F40162B
Malicious:	false
Reputation:	unknown
Preview:	.... .c........5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ .......................................................................... .................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.0446603401158491
Encrypted:	false
SSDEEP:
MD5:	9BF613882684BBADDA2124E750277E8F
SHA1:	3F5727C15D931D5AF3667B60C26BE46FB91693F5
SHA-256:	2C067596A3F854224DDA76814B02F2750F8C1F64C8125851CEA716DC743E49FF
SHA-512:	ABB289F4981DA5C941AE1C0320D82737D5D72BC2F24C85789755E34041A11A0EB1E62A9266F69288FFCC99E318501FCF50891DD765ECD95537692FF75F7598B9
Malicious:	false
Reputation:	unknown
Preview:	..-......................e.xs..pH.^i...,\|7.Q/....-......................e.xs..pH.^i...,\|7.Q/..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	45352
Entropy (8bit):	0.3925949238881112
Encrypted:	false
SSDEEP:
MD5:	CE3878450B5179B0347E8A585C9436EC
SHA1:	465D252B382BCD5920B4363CFC794CF67AD8E994
SHA-256:	1B87EF2DE94B0FDC4CCE85A5CDFFF1CAB08188671320E9B56F6F4F5FA77BA27B
SHA-512:	0E0C70F63BD948A1818CF7EC70C3D062B5E18F01D2175124FDE40381F45DC3C40EBEF8F7846906B12A023B6DA278C97BE26B12283A0B3BC67AF933419D99F363
Malicious:	false
Reputation:	unknown
Preview:	7....-..........H.^i...,>E.[#...........H.^i...,.ef5...fSQLite format 3......@ .......................................................................... .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\76DF1C90.dat

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	PNG image data, 198 x 54, 8-bit/color RGBA, non-interlaced
Category:	modified
Size (bytes):	12903
Entropy (8bit):	7.968570453548359
Encrypted:	false
SSDEEP:
MD5:	D20410F4C6A9FE5539CE6CA6111B810A
SHA1:	3DD4BEB5CE191CFBE2879BDDF8B159460A22652F
SHA-256:	84CAFDFFC4DD29FA9B20C731EA234A0583A3FFBCB087B53B189F7C4B34819002
SHA-512:	A038F60107F785506CC7980249BAD2DDA8840B8D8E35FEB1D691D4923A059F39D1043938C60F36A104A85D0AA3DDAF792464F65E8DA3C49A437D315163A85CAD
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......6........D....sRGB....... .IDATx^..^...<..u.!....Q%D.......M.k.E..o.Mf2.7....%37...8......bS..U@.!!$TN}.n..o?.s...(7.....9z..k......k.H.B..4.2..B.G(..d..(Tj....B.Q.....jC..HR.Pfm}.#P.P.T...WoTm/P.._<........'...E..i..XeA.m.7..x E..b......o.[40.s..r2F..}..l"...\|.........m."(...U....4.+.dJ..B.N.@E.)Gj.@.L.....<.x.W..#.....Z.....y.@.....-..RK..,..~...W.....r-.+...9.5.)T.}...F9..".. .)u.a......".B7h.z....B_o....s.$..>.K....j.M.......<.._.._.oz...N.....>...>S......;..q..=.0g$5b...S......1.(/...?J..k._.......'.........#pY..a..].$G..O(.....t.J...A..O.o%..i...s...i$....^....s-6.o2.'.5AV.N..}{...1.`.w..\.........}a....d....C.H!..&....o...^a.!.'F0K.o2.'.5A.+J...w.0.-.Sz.=,.. Jp....R.J.>9..}.ei.Z..#:.T..l.iP@a.+..........-c..`.....4........80K............>..\.....@...vi.5C)H.Q.>.J...Kqv.KTk4...j<....U.BHW......$z...T..A.P....0....>..9B}.9.1.%.9i...v..}3....2.L..`Gg.Y..$..2..@.\..7*...d.;..X.........2.).0..'.{.U.......u.t.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{A9BB4B62-BBC2-43A5-B3D2-F0C035A29A75}.tmp

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	data
Category:	dropped
Size (bytes):	11164
Entropy (8bit):	3.73623439517865
Encrypted:	false
SSDEEP:
MD5:	B3BF4DC984E841A92D82351BC84F0B3B
SHA1:	0C53F8A0333EC59FEFE3AB0CE85911BBDE7613F2
SHA-256:	D2052412A3ED2E0A134B8B82EAE769F4D0027E72F66261DA557363EB6B830FF3
SHA-512:	F1646A94EAD1CABAA8D19E76E55784CFE498BA1F5C440874B5E96B05B1D0DFDACDDF4558E13558A495C465B8E614B06A778D20B88F5605336502647FC96022AF
Malicious:	false
Reputation:	unknown
Preview:	......Y.o.u. .d.o.n.'.t. .o.f.t.e.n. .g.e.t. .e.m.a.i.l. .f.r.o.m. .d.i.d.r.i.k.b.e.r.g.@.m.i.c.r.o.s.o.f.t...c.o.m... .H.Y.P.E.R.L.I.N.K. .".h.t.t.p.s.:././.a.k.a...m.s./.L.e.a.r.n.A.b.o.u.t.S.e.n.d.e.r.I.d.e.n.t.i.f.i.c.a.t.i.o.n.".......................................................................................................................................................................................................................................................................................................................&...\...........0............................................................................................................................................................................................................................&..F..-D..M...............-D..M................d,...-D..M............,..$d....%d....&d....'d....-D..M...........N...e......O...e......P...e......Q...e......*...$..$.If........!v..h.#v....:V.......t.....6......5.......4

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{C7B35FF6-2FB1-4C61-A99B-1FFDD9ABAB76}.tmp

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	data
Category:	dropped
Size (bytes):	2560
Entropy (8bit):	2.1121448492410155
Encrypted:	false
SSDEEP:
MD5:	F4AE44D5F771AFF85E9A79C9B85DB620
SHA1:	C59F876EA6BF8A929EAD49EB208F864CEF47085F
SHA-256:	94F736A62B217B87E7FDE399042DEBD7EF116519CDB9546F212E8683E4EEF4C3
SHA-512:	8BD1929924E114F47824ED7839FF2C44EE0185CF43FE910380E2B412D1679BD705C435BACC44910DC7050F2F9D30F39B1C773D42A38D9667E8E7531C515AC218
Malicious:	false
Reputation:	unknown
Preview:	....1.2.....1.....1.2.....1.2.....1.2.....1.2.....1.2.....1.2.....1.2.....1.2.....1.....1.....1.2.....1.2.....1.2.....1.2.....(.....(.....(.....(.....(...t.o.r.r.e.s...t........................................................................................................................................................................................................................................................................................................................................................................................... ..."...(...*...0...2...8...:...@...B...H...J...P...R...V...X...\...^...d...f...l...................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1727865202285952900_ECBF2CD6-77CF-44CF-87E6-ACE9D4696033.log

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	ASCII text, with very long lines (857), with CRLF line terminators
Category:	dropped
Size (bytes):	20971520
Entropy (8bit):	0.00709038095367761
Encrypted:	false
SSDEEP:
MD5:	C425F8CB364C4B024952BF79B292B1D8
SHA1:	5885C9D76741E4FE66A0D1F69BDF91839D997821
SHA-256:	FB57C81158625249E5E18A84AA29C97F8EE82C65EEE85EA6AC6C936920AA97A1
SHA-512:	03DAA615B56EE8757662B9B1B3C03457F762C050F2959CAC1CBBDCC67C47F00E7A539C0178B9036C9095A0AC46F8AE86C29F3B40C5892E72AFCAFDED2109DC38
Malicious:	false
Reputation:	unknown
Preview:	Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/02/2024 10:33:22.309.OUTLOOK (0xA6C).0x1FC.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.System.GracefulExit.GracefulAppExitDesktop","Flags":33777014402039809,"InternalSequenceNumber":21,"Time":"2024-10-02T10:33:22.309Z","Data.PreviousAppMajor":16,"Data.PreviousAppMinor":0,"Data.PreviousAppBuild":16827,"Data.PreviousAppRevision":20130,"Data.PreviousSessionId":"C11EEB27-237A-4E66-8D96-569E23B33D91","Data.PreviousSessionInitTime":"2024-10-02T10:33:01.402Z","Data.PreviousSessionUninitTime":"2024-10-02T10:33:04.495Z","Data.SessionFlags":2147483652,"Data.InstallMethod":0,"Data.OfficeUILang":1033,"Data.PreviousBuild":"Unknown","Data.EcsETag":"\"\"","Data.ProcessorArchitecture":"x64"}...10/02/2024 10:33:22.341.OUTLOOK (0xA6C).0x1558.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.LoadXmlRules","Flags":33777014401990913,"InternalSequenceNumber":28,"T

C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1727865202286786400_ECBF2CD6-77CF-44CF-87E6-ACE9D4696033.log

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	data
Category:	dropped
Size (bytes):	20971520
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	8F4E33F3DC3E414FF94E5FB6905CBA8C
SHA1:	9674344C90C2F0646F0B78026E127C9B86E3AD77
SHA-256:	CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
SHA-512:	7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
Malicious:	false
Reputation:	unknown
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241002T0633220054-2668.etl

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	data
Category:	modified
Size (bytes):	94208
Entropy (8bit):	4.588002980717007
Encrypted:	false
SSDEEP:
MD5:	A64ABFCED10ED435D5C159D2071DADFE
SHA1:	5B48910436C0BE4B3A59E45319B4D7176BB6843B
SHA-256:	D69C7E9D61E98B462A0DC875583EB9287D6E085FAAAD23D4E79B25DAE8FA838D
SHA-512:	30CF3161EA72E0C0DA13D71DBFC6F303C17CC092850407B183022A55C5B220F7E0535F445DCB4863BFD351F4BE6118E4D25ADD41581E41E5AF7097A521495D84
Malicious:	false
Reputation:	unknown
Preview:	............................................................................b.......l....N .....................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1................................................................Y...........N .............v.2._.O.U.T.L.O.O.K.:.a.6.c.:.7.6.2.8.e.5.e.7.4.a.4.8.4.9.8.f.a.b.3.9.4.9.8.1.0.c.f.1.7.a.3.5...C.:.\.U.s.e.r.s.\.t.o.r.r.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.0.0.2.T.0.6.3.3.2.2.0.0.5.4.-.2.6.6.8...e.t.l.............P.P.....l....".....................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\msoA95A.tmp

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	GIF image data, version 89a, 15 x 15
Category:	dropped
Size (bytes):	663
Entropy (8bit):	5.949125862393289
Encrypted:	false
SSDEEP:
MD5:	ED3C1C40B68BA4F40DB15529D5443DEC
SHA1:	831AF99BB64A04617E0A42EA898756F9E0E0BCCA
SHA-256:	039FE79B74E6D3D561E32D4AF570E6CA70DB6BB3718395BE2BF278B9E601279A
SHA-512:	C7B765B9AFBB9810B6674DBC5C5064ED96A2682E78D5DFFAB384D81EDBC77D01E0004F230D4207F2B7D89CEE9008D79D5FBADC5CB486DA4BC43293B7AA878041
Malicious:	false
Reputation:	unknown
Preview:	GIF89a....w..!..MSOFFICE9.0.....sRGB......!..MSOFFICE9.0.....msOPMSOFFICE9.0Dn&P3.!..MSOFFICE9.0.....cmPPJCmp0712.........!.......,....................'..;..b...RQ.xx..................,+................................yy..;..b.........................qp.bb..........uv.ZZ.LL.......xw.jj.NN.A@....zz.mm.^_.........yw........yx.xw.RR.,.++............................................................................................................................................................................................................8....>.......................4567...=..../0123.....<9:.()+,-.B.@...."#$%&'....... !............C.?....A;<...HT(..;

C:\Users\user\AppData\Local\Temp\~DF346A1D5244262A90.TMP

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	data
Category:	dropped
Size (bytes):	163840
Entropy (8bit):	0.5261104467438287
Encrypted:	false
SSDEEP:
MD5:	2A42D44C1F948F95EEB911D7CA743E1D
SHA1:	B182415348F5181BCBD9A67A7D653FDA11C8A0D9
SHA-256:	F2385A12FA5EA844DB42CCBBBD5960217E882D1AE0846F7BAD29C6E20C9CA627
SHA-512:	CDB9291966A4C38D280CAE4001A459C69034B7CEB65A099F0DA91ED1403A52303C7ACC136A281A24CB6C207B3B2C37F8E418449BAE781C59625532279C1F5388
Malicious:	false
Reputation:	unknown
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	data
Category:	dropped
Size (bytes):	30
Entropy (8bit):	1.2389205950315936
Encrypted:	false
SSDEEP:
MD5:	D415D1DA35E4BFA21662CE5ABF2E8138
SHA1:	5B05454897EF8A890949577C4F7EDD48ACC07159
SHA-256:	AC3190327A084525DF26161EE3FB5514633D3D10856D619C656EFC6BEE865137
SHA-512:	C16328B9FBBD2CFECFC1DBE028F7D5ED91465FEE8BAF1E4AF7437A0C34341918CE0E50E0EDCECAA386B6D7780BBE781AA0B78362A2343515477AAF9722F9A75E
Malicious:	false
Reputation:	unknown
Preview:	..............................

C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.6705259511320396
Encrypted:	false
SSDEEP:
MD5:	9BE84F9EE92F7CA42AA1103DBD73FDEF
SHA1:	F041A1742E094A5EE1AB7A000C032E6DA5921F19
SHA-256:	06A2E85832123D2D4ABAA42BBAFB96FC86B87DF5CCFCE38E3E16ECA296DF1F3B
SHA-512:	32A691B9EC21DA94186B2E3EB534FD2C5932296E53D3CAE97A4911EFA48FAEED34DA79B9D1EF7E0F47A49C4EF2848A8954B168A068AAE69D39202C32EFD548B5
Malicious:	false
Reputation:	unknown
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	Microsoft Outlook email folder (>=2003)
Category:	dropped
Size (bytes):	271360
Entropy (8bit):	1.4850640665642132
Encrypted:	false
SSDEEP:
MD5:	A9555F57008261044B2F824757D3E7FF
SHA1:	972B35929E0CD47F465D57A750C6C35F7AE6141A
SHA-256:	CD1167D7D7882D464F4271AD10FCF8E0729730A53004F29C794406FDE6C6AF88
SHA-512:	02FACCF36144C63C6347266F97FC3FC2EE2FF83BCE3CEEF127F49ECC827B427956193394E2C145131A88EA0E28B3E4021B4F7945C03650BFDD88E963289BB213
Malicious:	false
Reputation:	unknown
Preview:	!BDN}.7iSM......\...\|...................X................@...........@...@...................................@...........................................................................$.......D......@B..........................................................................................................................................................................................................................................................................................................................(.......j.....3.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Process:	C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
File Type:	data
Category:	dropped
Size (bytes):	131072
Entropy (8bit):	0.8397992966653707
Encrypted:	false
SSDEEP:
MD5:	53F112AC36C3742A678157AEA19B131E
SHA1:	F9B3AA380AC7A242E81B5ADFF956CAA248D7CBB1
SHA-256:	92E86463091016249FF1F60418410FDF5A4918D19003F89B786936C8FBE379A7
SHA-512:	4F7CD2D8C29EF942DBA0F13A40F356898E77AE2A25D4BC776460E255AD19E701A9C4F77173C6EEA497EF5823A1DDE5A3FBFAAB787BE2B61227C03D5B4F0C9876
Malicious:	false
Reputation:	unknown
Preview:	.v.<C...G.......l.............................#.!BDN}.7iSM......\...\|...................X................@...........@...@...................................@...........................................................................$.......D......@B..........................................................................................................................................................................................................................................................................................................................(.......j.....3..............B............#.........................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	CDFV2 Microsoft Outlook Message
Entropy (8bit):	4.373522671178253
TrID:	Outlook Message (71009/1) 58.92% Outlook Form Template (41509/1) 34.44% Generic OLE2 / Multistream Compound File (8008/1) 6.64%
File name:	Axactor Microsoft - Introduksjonsm#U00f8te.msg
File size:	220'160 bytes
MD5:	753e07dc560986e69a18fd3ec1bcce68
SHA1:	ebe1bb8775e0f44126f1806aacfefcd0bac08734
SHA256:	d7fbed810d6e04385a98349f8e3a76904bd13799bd1e4035f5ceb8216cc54460
SHA512:	f046f528e96c512165558204da54bce63270ad982210c7fe34a93c4431a9b258a9455ed4b6fa5e1e48b10ae770d848eb1a06748b95cf0f80e4fefe62f395d4e9
SSDEEP:	3072:DFIeUNqN+OdDn34SPq7zXukqGnHrgD+/S9EwDsw2LfQ0iCSF:DBr+Sl+q9EXL4
TLSH:	572401243AFA1115F277EF3149F690979937BD92AD24994F2081370E0A73A41ED62F3B
File Content Preview:	........................>...................................4...................r.......p......................................................................................................................................................................

Static Mail

General

Subject:	Axactor & Microsoft - Introduksjonsmte
From:	Didrik Berg <didrikberg@microsoft.com>
To:	"roger.opstad@axactor.com" <roger.opstad@axactor.com>; Richard Johnson <Richard.Johnson@microsoft.com>; Marie Kvendset <Marie.Kvendset@microsoft.com>; Marcus Pieterse <marcus.pieterse@microsoft.com>; Kristine Boge <kristineboge@microsoft.com>; Nicolas Fortune-Bredefeldt <nicolasfo@microsoft.com>
Cc:
BCC:
Date:	Tue, 01 Oct 2024 14:24:56 +0200
Communications:	You don't often get email from didrikberg@microsoft.com. Learn why this is important <https://aka.ms/LearnAboutSenderIdentification> CAUTION: This email originates from outside the Axactor organisation Hei Roger! Jeg er Axactor sin nye kundeansvarlig hos Microsoft og jeg nsker avtale et frste mte i midten av oktober for introdusere det nye kundeteamet deres. Dere har n et dedikert team til rdighet bestende av spesialister innenfor lisens/produktivitet, sikkerhet, Azure, Data & AI, devices og BizApps. Vi nsker sette opp en samtale med dere om: * Introduksjon til teamet og rollene vre * Oversikt over deres team og IT-landskap * Info om hvilke ressurser og hva slags sttte vi kan stille med * Bli enige om samarbeidsform for den kommende perioden * Tilbakemelding fra dere p dagens samarbeid, forbedringsomrder etc. Passer foresltt tidspunkt? Ser frem til hre fra deg! Didrik Berg Account Executive Microsoft Norway didrikberg@microsoft.com Mobil. +47 99528003 ________________________________________________________________________________ Microsoft Teams Need help? <https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Faka.ms%2FJoinTeamsMeeting%3Fomkt%3Den-GB&data=05%7C02%7Croger.opstad%40axactor.com%7C4a827b5916584ac981ec08dce21410f1%7Caa047274bbe64fbd98b6b244735e8553%7C0%7C0%7C638633823023809669%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=e3f5e2YsMf4auieHhuQLrf6StyMcHyg4rtLR2tjaFyA%3D&reserved=0> Join the meeting now <https://eur02.safelinks.protection.outlook.com/ap/t-59584e83/?url=https%3A%2F%2Fteams.microsoft.com%2Fl%2Fmeetup-join%2F19%253ameeting_OTEzNTZlOTYtZmZjOC00YWZhLWI4NGMtMmM1OGI0NDQxMGIx%2540thread.v2%2F0%3Fcontext%3D%257b%2522Tid%2522%253a%252272f988bf-86f1-41af-91ab-2d7cd011db47%2522%252c%2522Oid%2522%253a%25223366eb58-cbb1-4993-b451-2cb027033b57%2522%257d&data=05%7C02%7Croger.opstad%40axactor.com%7C4a827b5916584ac981ec08dce21410f1%7Caa047274bbe64fbd98b6b244735e8553%7C0%7C0%7C638633823023835110%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=kvD%2B1Q%2BUFI%2BV%2BXxU1PKXUc9Ado4RbBhpSwWd55N6J0E%3D&reserved=0> Meeting ID: 288 627 600 148 Passcode: spX5Si ________________________________ For organisers: Meeting options <https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fteams.microsoft.com%2FmeetingOptions%2F%3ForganizerId%3D3366eb58-cbb1-4993-b451-2cb027033b57%26tenantId%3D72f988bf-86f1-41af-91ab-2d7cd011db47%26threadId%3D19_meeting_OTEzNTZlOTYtZmZjOC00YWZhLWI4NGMtMmM1OGI0NDQxMGIx%40thread.v2%26messageId%3D0%26language%3Den-GB&data=05%7C02%7Croger.opstad%40axactor.com%7C4a827b5916584ac981ec08dce21410f1%7Caa047274bbe64fbd98b6b244735e8553%7C0%7C0%7C638633823023849968%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=PuHggXlZqVMexd2Z8IcKAv55uAmv97qQOZ%2F2%2BTf6KKI%3D&reserved=0> ________________________________________________________________________________
Attachments:	image.png

Headers

Key	Value
Received	from GV1PR83MB0756.EURPRD83.prod.outlook.com
12	24:56 +0000
ARC-Seal	i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
ARC-Message-Signature	i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
h=From	Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
ARC-Authentication-Results	i=1; mx.microsoft.com 1; spf=pass
(2603	10a6:10:3c3::16) with Microsoft SMTP Server (version=TLS1_2,
2024 12	24:56 +0000
Transport; Tue, 1 Oct 2024 12	24:59 +0000
Authentication-Results	spf=pass (sender IP is 40.107.104.104)
Received-SPF	Pass (protection.outlook.com: domain of microsoft.com designates
15.20.8026.11 via Frontend Transport; Tue, 1 Oct 2024 12	24:59 +0000
DKIM-Signature	v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
by PAXPR83MB0559.EURPRD83.prod.outlook.com (2603	10a6:102:246::15) with
([fe80	:7a3:afdc:7cb7:9da6%6]) with mapi id 15.20.8048.007; Tue, 1 Oct 2024
From	Didrik Berg <didrikberg@microsoft.com>
To	"roger.opstad@axactor.com" <roger.opstad@axactor.com>, Richard Johnson
Subject	=?iso-8859-1?Q?Axactor_&_Microsoft_-_Introduksjonsm=F8te?=
Thread-Topic	=?iso-8859-1?Q?Axactor_&_Microsoft_-_Introduksjonsm=F8te?=
Thread-Index	AdsT/JonVAFHrbzzYkS8WqFYSTrKHQ==
Date	Tue, 1 Oct 2024 12:24:56 +0000
Message-ID	<GV1PR83MB07568CED7CB9DCF58D2CFDD0CA772@GV1PR83MB0756.EURPRD83.prod.outlook.com>
Accept-Language	en-GB, en-US
Content-Language	en-GB
X-MS-Has-Attach	yes
X-MS-TNEF-Correlator	msip_labels:
MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2024-10-01T12	22:36.793Z;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard;
Authentication-Results-Original	dkim=none (message not signed)
x-ms-exchange-calendar-series-instance-id	BAAAAIIA4AB0xbcQGoLgCAAAAACIxO6Z/BPbAQAAAAAAAAAAEAAAAByCo4BKv7xClcWVbQVSse0=
x-ms-traffictypediagnostic	GV1PR83MB0756:EE_MeetingMessage\|PAXPR83MB0559:EE_MeetingMessage\|DB5PEPF00014B8A:EE_\|PAWPR06MB8714:EE_\|PA4PR06MB7182:EE_
X-MS-Office365-Filtering-Correlation-Id	4a827b59-1658-4ac9-81ec-08dce21410f1
x-ms-exchange-senderadcheck	1
x-ms-exchange-antispam-relay	0
X-Microsoft-Antispam-Untrusted	BCL:0;ARA:13230040\|376014\|366016\|1800799024\|10070799003\|38070700018;
X-Microsoft-Antispam-Message-Info-Original	=?us-ascii?Q?E2Ol7xRnH9MNVhrJjJEm0+CH8jCNsYjDWo/nueLrXSr5+Fmscug75fZ3XKVq?=
X-Forefront-Antispam-Report-Untrusted	CIP:255.255.255.255;CTRY:;LANG:nb;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GV1PR83MB0756.EURPRD83.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(366016)(1800799024)(10070799003)(38070700018);DIR:OUT;SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-Original-ChunkCount	1
X-MS-Exchange-AntiSpam-MessageData-Original-0	=?iso-8859-1?Q?243yXmxxA99AtwWLIC0AtXmyk8ap8KfjC+ZkrdNZ+7XBHs8uCXHVws6KIr?=
Content-Type	multipart/related;
MIME-Version	1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped	PAWPR06MB8714
Return-Path	didrikberg@microsoft.com
X-MS-Exchange-Organization-ExpirationStartTime	01 Oct 2024 12:24:59.1253
X-MS-Exchange-Organization-ExpirationStartTimeReason	OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval	1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason	OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id	4a827b59-1658-4ac9-81ec-08dce21410f1
X-EOPAttributedMessage	0
X-EOPTenantAttributedMessage	aa047274-bbe6-4fbd-98b6-b244735e8553:0
X-MS-Exchange-Organization-MessageDirectionality	Incoming
X-MS-Exchange-Transport-CrossTenantHeadersStripped	DB5PEPF00014B8A.eurprd02.prod.outlook.com
X-MS-Exchange-Transport-CrossTenantHeadersPromoted	DB5PEPF00014B8A.eurprd02.prod.outlook.com
X-MS-PublicTrafficType	Email
X-MS-Exchange-Organization-AuthSource	DB5PEPF00014B8A.eurprd02.prod.outlook.com
X-MS-Exchange-Organization-AuthAs	Anonymous
X-MS-Office365-Filtering-Correlation-Id-Prvs	f38c7519-1c4d-4720-68e0-08dce2140f62
X-MS-Exchange-AtpMessageProperties	SA\|SL
X-MS-Exchange-Organization-SCL	1
X-Microsoft-Antispam	BCL:0;ARA:13230040\|5073199012\|4073199012\|35042699022;
X-Forefront-Antispam-Report	CIP:40.107.104.104;CTRY:IE;LANG:nb;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:EUR03-DBA-obe.outbound.protection.outlook.com;PTR:mail-dbaeur03on2104.outbound.protection.outlook.com;CAT:NONE;SFTY:9.25;SFS:(13230040)(5073199012)(4073199012)(35042699022);DIR:INB;SFTY:9.25;
X-MS-Exchange-CrossTenant-OriginalArrivalTime	01 Oct 2024 12:24:59.0629
X-MS-Exchange-CrossTenant-Network-Message-Id	4a827b59-1658-4ac9-81ec-08dce21410f1
X-MS-Exchange-CrossTenant-Id	aa047274-bbe6-4fbd-98b6-b244735e8553
X-MS-Exchange-CrossTenant-AuthSource	DB5PEPF00014B8A.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs	Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader	Internet
X-MS-Exchange-Transport-EndToEndLatency	00:00:03.2324669
X-MS-Exchange-Processed-By-BccFoldering	15.20.8005.023
X-Microsoft-Antispam-Mailbox-Delivery	ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003)(1420198);
X-Microsoft-Antispam-Message-Info	=?us-ascii?Q?AfjPQfG0byiVbR/tJa1vh4d3K57vllEKvL3wtMIhPWsMbvCvBme5bdnKNxC9?=
date	Tue, 01 Oct 2024 14:24:56 +0200

File Icon


Icon Hash:	c4e1928eacb280a2