Windows Analysis Report
Reaction Daily Digest - Friday_ October 4_ 2024.eml

Overview

General Information

Sample name: Reaction Daily Digest - Friday_ October 4_ 2024.eml
Analysis ID: 1527684
MD5: 836911f694352171aedfffaa7bed3efb
SHA1: cf9ae8b59a1be08fc96c8a676e83d1b169618473
SHA256: b20d0d86501a925036da3828988e305d11aa32fcef0b9213033383cb4c66de9b
Infos:

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Queries the volume information (name, serial number etc) of a device
Stores large binary data to the registry

Classification

  • System is w10x64
  • OUTLOOK.EXE (PID: 7328 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Reaction Daily Digest - Friday_ October 4_ 2024.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 4592 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "D07B48C7-618C-48ED-B269-715C333004DE" "CE7AE299-FFC3-4F4A-B7E5-32D19A523790" "7328" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: 8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: 8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: Reaction Daily Digest - Friday_ October 4_ 2024.emlString found in binary or memory: https://url.za.m.m=
Source: Reaction Daily Digest - Friday_ October 4_ 2024.emlString found in binary or memory: https://url.za.m.mimecastprot=
Source: Reaction Daily Digest - Friday_ October 4_ 2024.eml, ~WRS{805B6D67-2778-4F0D-8638-C8873A60FEA8}.tmp.0.drString found in binary or memory: https://url.za.m.mimecastprotect.com/s/CdPZCqj5LZHg3OPuQi9FEqVDi
Source: Reaction Daily Digest - Friday_ October 4_ 2024.emlString found in binary or memory: https://url.za.m.mimecastprotect.com/s/bhZaCpgKL2=
Source: ~WRS{805B6D67-2778-4F0D-8638-C8873A60FEA8}.tmp.0.drString found in binary or memory: https://url.za.m.mimecastprotect.com/s/bhZaCpgKL2igWzNuDh1FGkSKz
Source: Reaction Daily Digest - Friday_ October 4_ 2024.eml, ~WRS{805B6D67-2778-4F0D-8638-C8873A60FEA8}.tmp.0.drString found in binary or memory: https://url.za.m.mimecastprotect.com/s/oovBCr05V9fyYA0TysxF4qWIC
Source: ~WRS{805B6D67-2778-4F0D-8638-C8873A60FEA8}.tmp.0.drString found in binary or memory: https://url.za.m.mimecastprotect.com/s/qGQkCoYKXyfARXLc1f0FpG0Th
Source: Reaction Daily Digest - Friday_ October 4_ 2024.emlString found in binary or memory: https://url.za.m.mimecastprotect.com/s/xmn1C=
Source: ~WRS{805B6D67-2778-4F0D-8638-C8873A60FEA8}.tmp.0.drString found in binary or memory: https://url.za.m.mimecastprotect.com/s/xmn1Cvg5LZiJ5WjIotLFQXKMd
Source: 8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: 8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: 8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: 8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: 8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drString found in binary or memory: https://webshell.suite.office.com
Source: 8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: 8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: 8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drString found in binary or memory: https://wus2.contentsync.
Source: 8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drString found in binary or memory: https://wus2.pagecontentsync.
Source: 8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: 8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drString found in binary or memory: https://www.odwebp.svc.ms
Source: 8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drString found in binary or memory: https://www.yammer.com
Source: classification engine Classification label: clean1.winEML@3/19@0/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\8D057123-6606-46F8-ACFE-8AF6866E44BC
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241007T0247480251-7328.etl
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Reaction Daily Digest - Friday_ October 4_ 2024.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "D07B48C7-618C-48ED-B269-715C333004DE" "CE7AE299-FFC3-4F4A-B7E5-32D19A523790" "7328" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Window found: window name: SysTabControl32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
[Behavior graph: ID 1527684; Sample: Reaction Daily Digest - Fri...; Startdate: 07/10/2024; Architecture: WINDOWS; Score: 1. OUTLOOK.EXE started ai.exe.]

No Antivirus matches
No contacted domains info
        • URL Reputation: safe
        unknown
        https://dev0-api.acompli.net/autodetect8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
        • URL Reputation: safe
        unknown
        https://www.odwebp.svc.ms8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
        • URL Reputation: safe
        unknown
        https://api.diagnosticssdf.office.com/v2/feedback8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
        • URL Reputation: safe
        unknown
        https://api.powerbi.com/v1.0/myorg/groups8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
        • URL Reputation: safe
        unknown
        https://url.za.m.m=Reaction Daily Digest - Friday_ October 4_ 2024.emlfalse
          unknown
          https://web.microsoftstream.com/video/8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
          • URL Reputation: safe
          unknown
          https://api.addins.store.officeppe.com/addinstemplate8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
          • URL Reputation: safe
          unknown
          https://graph.windows.net8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
          • URL Reputation: safe
          unknown
          https://dataservice.o365filtering.com/8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
          • URL Reputation: safe
          unknown
          https://officesetup.getmicrosoftkey.com8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
          • URL Reputation: safe
          unknown
          https://analysis.windows.net/powerbi/api8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
          • URL Reputation: safe
          unknown
          https://prod-global-autodetect.acompli.net/autodetect8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
          • URL Reputation: safe
          unknown
          https://substrate.office.com8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
          • URL Reputation: safe
          unknown
          https://outlook.office365.com/autodiscover/autodiscover.json8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
          • URL Reputation: safe
          unknown
          https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
          • URL Reputation: safe
          unknown
          https://consent.config.office.com/consentcheckin/v1.0/consents8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
          • URL Reputation: safe
          unknown
          https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
          • URL Reputation: safe
          unknown
          https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
          • URL Reputation: safe
          unknown
          https://url.za.m.mimecastprotect.com/s/oovBCr05V9fyYA0TysxF4qWICReaction Daily Digest - Friday_ October 4_ 2024.eml, ~WRS{805B6D67-2778-4F0D-8638-C8873A60FEA8}.tmp.0.drfalse
            unknown
            https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
            • URL Reputation: safe
            unknown
            https://d.docs.live.net8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalseunknown
            https://safelinks.protection.outlook.com/api/GetPolicy8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
            • URL Reputation: safe
            unknown
            https://ncus.contentsync.8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
            • URL Reputation: safe
            unknown
            https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalseunknown
            https://url.za.m.mimecastprotect.com/s/bhZaCpgKL2=Reaction Daily Digest - Friday_ October 4_ 2024.emlfalse
              unknown
              https://url.za.m.mimecastprotect.com/s/xmn1Cvg5LZiJ5WjIotLFQXKMd~WRS{805B6D67-2778-4F0D-8638-C8873A60FEA8}.tmp.0.drfalse
                unknown
                https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
                • URL Reputation: safe
                unknown
                http://weather.service.msn.com/data.aspx8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
                • URL Reputation: safe
                unknown
                https://apis.live.net/v5.0/8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
                • URL Reputation: safe
                unknown
                https://officepyservice.office.net/service.functionality8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
                • URL Reputation: safe
                unknown
                https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
                • URL Reputation: safe
                unknown
                https://templatesmetadata.office.net/8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
                • URL Reputation: safe
                unknown
                https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
                • URL Reputation: safe
                unknown
                https://messaging.lifecycle.office.com/8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
                • URL Reputation: safe
                unknown
                https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
                • URL Reputation: safe
                unknown
                https://mss.office.com8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
                • URL Reputation: safe
                unknown
                https://pushchannel.1drv.ms8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
                • URL Reputation: safe
                unknown
                https://management.azure.com8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
                • URL Reputation: safe
                unknown
                https://outlook.office365.com8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
                • URL Reputation: safe
                unknown
                https://url.za.m.mimecastprotect.com/s/qGQkCoYKXyfARXLc1f0FpG0Th~WRS{805B6D67-2778-4F0D-8638-C8873A60FEA8}.tmp.0.drfalse
                  unknown
                  https://wus2.contentsync.8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
                  • URL Reputation: safe
                  unknown
                  https://incidents.diagnostics.office.com8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
                  • URL Reputation: safe
                  unknown
                  https://clients.config.office.net/user/v1.0/ios8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
                  • URL Reputation: safe
                  unknown
                  https://make.powerautomate.com8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
                  • URL Reputation: safe
                  unknown
                  https://api.addins.omex.office.net/api/addins/search8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
                  • URL Reputation: safe
                  unknown
                  https://insertmedia.bing.office.net/odc/insertmedia8D057123-6606-46F8-ACFE-8AF6866E44BC.0.drfalse
                  • URL Reputation: safe
                  unknown
                  No contacted IP infos
                  Joe Sandbox version:41.0.0 Charoite
                  Analysis ID:1527684
                  Start date and time:2024-10-07 08:46:27 +02:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 5m 25s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:default.jbs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed:9
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Sample name:Reaction Daily Digest - Friday_ October 4_ 2024.eml
                  Detection:CLEAN
                  Classification:clean1.winEML@3/19@0/0
                  EGA Information:Failed
                  HCA Information:
                  • Successful, ratio: 100%
                  • Number of executed functions: 0
                  • Number of non-executed functions: 0
                  Cookbook Comments:
                  • Found application associated with file extension: .eml
                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                  • Excluded IPs from analysis (whitelisted): 52.109.28.46, 52.113.194.132, 51.11.192.49, 2.19.126.151, 2.19.126.160
                  • Excluded domains from analysis (whitelisted): ecs.office.com, omex.cdn.office.net, slscr.update.microsoft.com, prod.configsvc1.live.com.akadns.net, s-0005-office.config.skype.com, mobile.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, ecs-office.s-0005.s-msedge.net, login.live.com, s-0005.s-msedge.net, config.officeapps.live.com, onedscolprdfrc07.francecentral.cloudapp.azure.com, officeclient.microsoft.com, ecs.office.trafficmanager.net, omex.cdn.office.net.akamaized.net, europe.configsvc1.live.com.akadns.net, mobile.events.data.trafficmanager.net, uks-azsc-config.officeapps.live.com, a1864.dscd.akamai.net
                  • Not all processes where analyzed, report is missing behavior information
                  • Report size getting too big, too many NtCreateFile calls found.
                  • Report size getting too big, too many NtQueryAttributesFile calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.
                  • Report size getting too big, too many NtReadFile calls found.
                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                  • Report size getting too big, too many NtSetInformationFile calls found.
                  No simulations
Input: URL: Email, Model: jbxai
Output:
{
  "brand":["Microsoft Outlook"],
  "contains_trigger_text":false,
  "trigger_text":"",
  "prominent_button_name":"Go to message",
  "text_input_field_labels":["Mac","iOS","Android"],
  "pdf_icon_visible":false,
  "has_visible_captcha":false,
  "has_urgent_text":false,
  "text":"celebrate Leiken du Toit reacted to your message Thu 10/03/2024 10:13 503608226 - preferred name - Paul",
  "has_visible_qrcode":false
}
                  No context
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):118
                  Entropy (8bit):3.5700810731231707
                  Encrypted:false
                  SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                  MD5:573220372DA4ED487441611079B623CD
                  SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                  SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                  SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                  Malicious:false
                  Reputation:moderate, very likely benign file
                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):231348
                  Entropy (8bit):4.221257308696851
                  Encrypted:false
                  SSDEEP:1536:fYLwgsf9HwmgsJNcAz79ysQqt2WqoQDrcm0Fvoy0wkEVaFmjuRun:owgYwmgamiGu2WqoQDrt0Fvr0FEVOy
                  MD5:570A318FD0D26DEDB6122E7171EDB74C
                  SHA1:9F4E031B66CDC826BBE7D8C9C7BC3D0363C947FE
                  SHA-256:5ACF914D6319894DE327F270AE23FFA236C92D2D37AC97D309B4DCBACA9FEEE8
                  SHA-512:51CA033C26CDAF9A28D770095D1BC77F9727A5B32B34884708AA9EE06D7037F9ED91D18704F0F89D8FA3951843EA371AAD772E8CB0A646BF8E6AF5CAFA10F128
                  Malicious:false
                  Reputation:low
                  Preview:TH02...... ............SM01X...,....st............IPM.Activity...........h...............h............H..h...............h............H..h.... ..........h....0..........h...............h...............h....@..........h....H..........0....T...............d.........2h...............k..............!h.............. h..............#h....8.........$h........8....."h..............'h..............1h....<.........0h....4........./h....h.......H..h....p.........-h..............+h............................ ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:ASCII text, with very long lines (65536), with no line terminators
                  Category:dropped
                  Size (bytes):322260
                  Entropy (8bit):4.000299760592446
                  Encrypted:false
                  SSDEEP:6144:dztCFLNyoAHq5Rv2SCtUTnRe4N2+A/3oKBL37GZbTSB+pMZIrh:HMLgvKz9CtgRemO3oUHi3SBSMZIl
                  MD5:CC90D669144261B198DEAD45AA266572
                  SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                  SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                  SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                  Malicious:false
                  Reputation:high, very likely benign file
                  Preview:51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:ASCII text, with no line terminators
                  Category:dropped
                  Size (bytes):10
                  Entropy (8bit):2.2464393446710154
                  Encrypted:false
                  SSDEEP:3:LNXdVL:hXdt
                  MD5:0507B011F6B69ECA728556719C16E9D7
                  SHA1:FD5375EF7DC803DF37F0598E7E4421C72DA154B9
                  SHA-256:3D68A5F58951DC24C8EE09BFB659BCAC503B6788C04ACE35D2475551B903F7F4
                  SHA-512:0401AEA91191A16D0BA19F37BA07163CFEBEBF4A9D500443B3838766A0670E856780587F9F50F458E3FC512C354B85F8C22DFB9C5961ED51BF171C0C77F6DE82
                  Malicious:false
                  Reputation:low
                  Preview:1728283717
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):177810
                  Entropy (8bit):5.28722511535103
                  Encrypted:false
                  SSDEEP:1536:ci2XfRAqcbH41gwEwLe7HW8bM/o/NMdcAZl1p5ihs7EXXPEAD2Odavo:5Ce7HW8bM/o/TXsk4o
                  MD5:841D017A4D7B5E8E62FBCB7C62F35FFF
                  SHA1:410F051A54BA1C4D929BD604CE1BA689F5C57E64
                  SHA-256:92F79F1E1815641669DCAB8060430BA58EB5369F7E09F583F41EC4032368AFFF
                  SHA-512:8D4C996F7E6E083F754A01747E5A22D6F83C4DC2239F99F3724FADB3264D90A98C00283ACB426421A0B452980A80D36852D2B65B40929551CE50703A96D21FDF
                  Malicious:false
                  Reputation:low
                  Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-10-07T06:48:28">.. Build: 16.0.18124.40132-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):32768
                  Entropy (8bit):0.04583532429010245
                  Encrypted:false
                  SSDEEP:3:GtlxtjlftUrdf3VjylxtjlftUrdf3VjtR9//8l1lvlll1lllwlvlllglbelDbllb:GtVydf1yVydf1H9X01PH4l942wU
                  MD5:2B01E1B2BDA3045B83F2C5C00D26EB27
                  SHA1:32F5B12A824B37D65F07498062CB7A24235B92DD
                  SHA-256:36AC71AF85E320EDB3247A8B3F631204D3324679CACCF5C5BE4B331AD6E23471
                  SHA-512:2783907402493042AC17C1F17F5E2016EF44423115E4601469A5D06E3D79B5F87EFCDBEB340D5171390818A749958C32D7F408D189028F7D6065FB94892735E5
                  Malicious:false
                  Reputation:low
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:SQLite Write-Ahead Log, version 3007000
                  Category:dropped
                  Size (bytes):49472
                  Entropy (8bit):0.4825784219834305
                  Encrypted:false
                  SSDEEP:48:9rdYn7wQ14OyKUll7DYM4GYPNszO8VFDYM4tDXBO8VFDYML:9RejmNlll4RGANUjVGRtDxjVGC
                  MD5:2BFC2C0CDF69BFF6D342312E1A0FE686
                  SHA1:3B62271B57EAF43E02E1C15B1668FB0DA2C8EB11
                  SHA-256:7B8A8257BB00AA271B2EA3B4AD8C039BD42DD456FD38F579B5A59A8CBEECE5D1
                  SHA-512:DB5A713B0CDBCD202C5A64C2B9C5DC448C4F2BE27814EAD09506118DE33D743E263C27FB3BEB30CC2BA0EB3F1329F77C6F315D7E40B3AAA82724E2B7BD7FA0D5
                  Malicious:false
                  Reputation:low
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 32x32, components 3
                  Category:dropped
                  Size (bytes):1249
                  Entropy (8bit):7.488021453454021
                  Encrypted:false
                  SSDEEP:24:u0o0XxDuLHeOWXG4OZ7DAJuLHenX3A6PweZ/RzM28LEVrE6bU131pp:uFuERAvwyojqEbdp
                  MD5:9F5CECB658DB861620ED07070CF3DCA7
                  SHA1:FD3CB66164EA08B0431D56D26102A955F1CE3CB9
                  SHA-256:8C6075D78EF00DFEE3917B09B0DA15870CF26F2FD04FE409FD80ABCFD1CB6EA9
                  SHA-512:89E94A395C871765A2AF2D2158D94A77A2A9CD76984DC024B4FB8E2C4A647DA0004D1254BF80B9630106F3FEA35F0B108C52B8C7ACC35164C38342E550443A8A
                  Malicious:false
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):14172
                  Entropy (8bit):3.6914314851322096
                  Encrypted:false
                  SSDEEP:192:G8ubB+ScJNlUbgdDFXQYR9gWOn8EDCAm1x8wIF8usJL8+n/:u+ScJNKbgd5XQYROWOOb1b5/
                  MD5:1EF43A1842100404C3C4761B2CDDBECC
                  SHA1:97D0C0F230DFA60721F1AEBCA91B2414360AF1A4
                  SHA-256:09AD9AB39E2AFB224CF3DA3E856AF41C5C0CAAD1741233530AB9758719142E36
                  SHA-512:AE38F858B59888A369FC2851C7654D838B6EFB7F21DB50264EEB11CD626E6A6444A7109A5CED007498A4CEFBB850BE2692F91C57398B09D159DAD4AD92968C65
                  Malicious:false
                  Preview:....M.i.c.r.o.s.o.f.t. .O.u.t.l.o.o.k...I.N.C.L.U.D.E.P.I.C.T.U.R.E. . .\.d. .".h.t.t.p.s.:././.o.u.t.l.o.o.k.-.1...c.d.n...o.f.f.i.c.e...n.e.t./.a.s.s.e.t.s./.r.e.a.c.t.i.o.n./.o.u.t.l.o.o.k...p.n.g.". .\.*. .M.E.R.G.E.F.O.R.M.A.T.I.N.E.T... . .......................................................................................................................................................................................................................................................................................(............... ...H...J...L...X..............................."...$.......................................................................................................................................................................................................................................................................................$..$.If....:V.......t.....6......4........4........a....*...$..$.If........!v..h.#v....:V.......t.....6......5.......4........4.
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:ASCII text, with very long lines (28794), with CRLF line terminators
                  Category:dropped
                  Size (bytes):20971520
                  Entropy (8bit):0.16154578009371615
                  Encrypted:false
                  SSDEEP:1536:iUE7EY9TkC8vzBobjBNkFgfIUQYqHT8lae7jJQMQfDYDKXM:QEU2zB15VaEM
                  MD5:24611AB53B2923BBFA6537D5A1CFA8AB
                  SHA1:7A608660614C20F5C5D7F72B48B76BC954DF7F55
                  SHA-256:90F5DDA94146FF2C5E317F9D8115E9CE23BCBD56BD79014A5A5A86D66C390183
                  SHA-512:135D3862DE5B5A3DBE9911C2AAC2AD969B6C477C46772776E65B22A78FD5374A12F728DD2F5E4370FE88C4FE2DB82873C246177665F9DCB2A8B2C4D7BD600F6F
                  Malicious:false
                  Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/07/2024 06:48:23.205.OUTLOOK (0x1CA0).0x1CA4.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":23,"Time":"2024-10-07T06:48:23.205Z","Contract":"Office.System.Activity","Activity.CV":"B+jJ/O0mG0OwCZ3UPGkxfA.4.7","Activity.Duration":12,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...10/07/2024 06:48:23.205.OUTLOOK (0x1CA0).0x1CA4.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":24,"Time":"2024-10-07T06:48:23.205Z","Contract":"Office.System.Activity","Activity.CV":"B+jJ/O0mG0OwCZ3UPGkxfA.4.8","Activity.Duration":7,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"",
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):20971520
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3::
                  MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                  SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                  SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                  SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                  Malicious:false
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):98304
                  Entropy (8bit):4.48810891372058
                  Encrypted:false
                  SSDEEP:1536:x3gfojqFtZJ5tWSB0sxKollhtmSnhUwviLigEvt4WZdHnp7raLKWsU7V41sb0p0B:x3gfojqFtZJ5tWSB0sxKollhtmSnhUws
                  MD5:0504F2468011022D62BE488BEF174390
                  SHA1:DA038FC089C698624340D986ECF92ADBC90A32BC
                  SHA-256:9D4896461159775089D8CA5608EEBE9C07678B39B5DC98523C7608802633AB68
                  SHA-512:A3CE20686E136338B668823F1C2A87B751C4A31078C1D2C492EEAD87792BCB4FE10CB4A5804824D7A0F476504FB2F25F06BE470CB7770B463A8B215F547CE917
                  Malicious:false
                  Preview:............................................................................b.............m....................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1..............................................................sl.............m............v.2._.O.U.T.L.O.O.K.:.1.c.a.0.:.1.f.6.2.6.8.b.e.7.c.d.e.4.4.f.1.9.b.5.d.6.f.7.8.d.7.7.f.b.6.0.b...C.:.\.U.s.e.r.s.\.t.o.t.t.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.0.0.7.T.0.2.4.7.4.8.0.2.5.1.-.7.3.2.8...e.t.l.............P.P...........m....................................................................................................................................................................................................................................................................................................
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):16384
                  Entropy (8bit):0.3613836054883338
                  Encrypted:false
                  SSDEEP:3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X
                  MD5:679672A5004E0AF50529F33DB5469699
                  SHA1:427A4EC3281C9C4FAEB47A22FFBE7CA3E928AFB0
                  SHA-256:205D000AA762F3A96AC3AD4B25D791B5F7FC8EFB9056B78F299F671A02B9FD21
                  SHA-512:F8615C5E5CF768A94E06961C7C8BEF99BEB43E004A882A4E384F5DD56E047CA59B963A59971F78DCF4C35D1BB92D3A9BC7055BFA3A0D597635DE1A9CE06A3476
                  Malicious:false
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):512
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3::
                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                  Malicious:false
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):16384
                  Entropy (8bit):0.6699169976837407
                  Encrypted:false
                  SSDEEP:12:rl3baFzcqLKeTy2MyheC8T23BMyhe+S7wzQe9zNMyhe+S7xMyheCCNp:rEvmnq1Pj961CNp
                  MD5:81C61100E76E2D3624C93AC1402BD3DE
                  SHA1:BC199F6DEB29DF1482BC29D20A3ECAB82926C714
                  SHA-256:3C0060E75CD4D73B238B9559D7978AC4C0B87B42747427873D2505A2CA2987B5
                  SHA-512:9CD9C18230F374FEDBCCF4F8DAA5EADFF47F24BFDF8AE8A0C90C52BE5CB5914B2D311F748C5C18A003C7C34122E90390334194755F0A654F0B32AE77711244E6
                  Malicious:false
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):9871
                  Entropy (8bit):3.5154866554282242
                  Encrypted:false
                  SSDEEP:96:o2VDvCZ/zy99sDva/8LDvw/m1DveW/51QDvCM/F:oiDUCsDk8LDym1DZzQD3F
                  MD5:0AC22562101B6BF9F64436FDBA590ABC
                  SHA1:102896D16D119EAD2605A4099057FB4B5ABC927F
                  SHA-256:B2BB70392F771863663F84408FF10328496DDA2F82050222BD0148419D0D2D44
                  SHA-512:943445C11EBB54D7E621260FCA17FAECD46872B9CB8F7756C343B9540D996B71775277256487CB4A75711A5F4AE667A768AE28CB15665BCECD24D21E19E6FCDC
                  Malicious:false
                  Preview:...................................FL..................F.@.. ..._YE2{...3S.......t2{...........................;....P.O. .:i.....+00.../C:\.....................1.....GY.5..PROGRA~2.........O.IGY.5....................V......L1.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....j.1.....EW5X..MICROS~2..R......EW5XGY.6....K>......................T.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.....N.1.....EW5X..root..:......EW3XGY.5.....3....................<.M.r.o.o.t.....Z.1.....EW5X..Office16..B......EW4XGY.5.....:........................O.f.f.i.c.e.1.6.....b.2.....EW.X .OUTLOOK.EXE.H......EW.XGY.5.....'....................#...O.U.T.L.O.O.K...E.X.E.......p...............-.......o............F.......C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE.... .-.c. .I.P.M...N.o.t.e.A.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.\.R.o.o.t.\.O.f.f.i.c.e.1.6.\.O.U.T.L.O.O.K...E.X.E.........%ProgramFiles%\Microsoft Office\Root\
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:Microsoft Outlook email folder (>=2003)
                  Category:dropped
                  Size (bytes):271360
                  Entropy (8bit):2.147437154722156
                  Encrypted:false
                  SSDEEP:1536:BCFTRIpWfkR7cGQiW53jEpEHP4qQZ0PAwr+/OaCW53jEpEHP4qQZ0PAwrn:BClRSWPGhp9+p9
                  MD5:BF36A2A23D1E174E3077BD3BBED053C3
                  SHA1:3932D56D823875B6EF2E640E44091A28159EEA0C
                  SHA-256:181F6CEF9790A1B013F07337850A1816DD8D52845DC69E6F68B182906751CCB9
                  SHA-512:F7B63E434C2CCB5FF1B39D00E4848A2680093988710FBA3FB27021F45C38FC979B711CEBE2220DB8F3CD01CBB3D0D678B099B62AE621C93D87FA032152F7AC58
                  Malicious:false
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):131072
                  Entropy (8bit):2.8112834791944814
                  Encrypted:false
                  SSDEEP:1536:ejnq9coW53jEpEHP4qQZ0PAwr5CJce5T:cqp923q
                  MD5:A1698E5B33A1D8AACC3A7551B49E011F
                  SHA1:E7D0A1348D52064AB3D093565BD78D20E8CF9D6D
                  SHA-256:1AA46EF70E871429F31E59ED2723FBB058FC041DE80FECFC7837E339A208C69F
                  SHA-512:9B4DEFA57AF691A5F4C2980A67261A0B208EF2B4116ADC4C3138A48ACEDD1ED88EC9B46EA03740F97EEF83935F793C6A6D6471DF229828F7157181A1EDB2C273
                  Malicious:false
                  File type:RFC 822 mail, ASCII text, with very long lines (891), with CRLF line terminators
                  Entropy (8bit):5.9541717624143615
                  TrID:
                  • E-Mail message (Var. 5) (54515/1) 100.00%
                  File name:Reaction Daily Digest - Friday_ October 4_ 2024.eml
                  File size:11'147 bytes
                  MD5:836911f694352171aedfffaa7bed3efb
                  SHA1:cf9ae8b59a1be08fc96c8a676e83d1b169618473
                  SHA256:b20d0d86501a925036da3828988e305d11aa32fcef0b9213033383cb4c66de9b
                  SHA512:fc0861f98f7df370128a2a0aac8ddf5afa051160a6cf607fd5ee1a6de8bae6627d2ab9278d7da6aee69ccade38ac7bf00e6bfd30c34873b1094efaefacdb7c6b
                  SSDEEP:192:XIZvcOTFT6qR7JzK/aB6SjiUO3pulg/K374Bnv8nx0RIXkA5:XI9cOn7it4iUkpmgykuncDA5
                  TLSH:48320BA1B14200519FB2B6E6F5017DC876A649DDC3E30CE87C3E76B26DD68B1015ABCE
                  File Content Preview:Received: from PAVPR09MB6331.eurprd09.prod.outlook.com.. (2603:10a6:102:30b::18) by DB6PR0902MB1973.eurprd09.prod.outlook.com with.. HTTPS; Fri, 4 Oct 2024 12:24:16 +0000..Received: from substrate.office.com (2603:10a6:102:30b::18) by.. PAVPR09MB6331.eurp
                  Subject:Reaction Daily Digest - Friday, October 4, 2024
                  From:Microsoft Outlook Reactions <no-reply@microsoft.com>
                  To:Savannah Opperman <Savannah.Opperman@brightrock.co.za>
                  Cc:
                  BCC:
                  Date:Fri, 04 Oct 2024 12:24:15 +0000
                  Communications:
                  • Reaction Daily Digest - Friday, October 4, 2024
                    Microsoft Outlook
                    Leiken du Toit reacted to your message
                    Thu 10/03/2024 10:13
                    503608226 - preferred name - Paul
                    Go to message https://url.za.m.mimecastprotect.com/s/qGQkCoYKXyfARXLc1f0FpG0Th
                    Upgrade to the latest Outlook now to send reactions
                    Mac https://url.za.m.mimecastprotect.com/s/bhZaCpgKL2igWzNuDh1FGkSKz
                    iOS https://url.za.m.mimecastprotect.com/s/CdPZCqj5LZHg3OPuQi9FEqVDi
                    Android https://url.za.m.mimecastprotect.com/s/CdPZCqj5LZHg3OPuQi9FEqVDi
                    Unsubscribe https://url.za.m.mimecastprotect.com/s/oovBCr05V9fyYA0TysxF4qWIC
                    Privacy statement https://url.za.m.mimecastprotect.com/s/xmn1Cvg5LZiJ5WjIotLFQXKMd
                    Microsoft Corporation, One Microsoft Way, Redmond, WA 98052
                  Attachments:
                  • Image88de1dab-0035-4f93-972e-0743fa0ec309.jpeg
                  Key:Value
                  Received:from substrate.office.com (2603:10a6:102:30b::18) by PAVPR09MB6331.eurprd09.prod.outlook.com with HTTP via DB8P191CA0023.EURP191.PROD.OUTLOOK.COM; Fri, 4 Oct 2024 12:24:15 +0000
                  From:Microsoft Outlook Reactions <no-reply@microsoft.com>
                  Date:Fri, 04 Oct 2024 12:24:15 +0000
                  Subject:Reaction Daily Digest - Friday, October 4, 2024
                  Message-Id:<BHT21MQP9OU4.GH7SY9HR1B7Z@db9pr09mb4907>
                  To:Savannah Opperman <Savannah.Opperman@brightrock.co.za>
                  X-Ms-Publictraffictype:Email
                  X-Ms-Exchange-Organization-Authas:Internal
                  X-Ms-Exchange-Organization-Authsource:HttpSubmission-PAVPR09MB6331
                  Client-Request-Id:2310187e-9a2e-40c5-bbc0-ec194bba9c4b
                  Request-Id:2310187e-9a2e-40c5-bbc0-ec194bba9c4b
                  Return-Path:no-reply@microsoft.com
                  X-Ms-Exchange-Organization-Expirationstarttime:04 Oct 2024 12:24:15.3247 (UTC)
                  X-Ms-Exchange-Organization-Expirationstarttimereason:OriginalSubmit
                  X-Ms-Exchange-Organization-Expirationinterval:1:00:00:00.0000000
                  X-Ms-Exchange-Organization-Expirationintervalreason:OriginalSubmit
                  X-Ms-Exchange-Organization-Network-Message-Id:2edba975-b717-46de-4ec3-08dce46f7613
                  X-Ms-Traffictypediagnostic:PAVPR09MB6331:EE_ReactionDigestEmail|DB6PR0902MB1973:EE_ReactionDigestEmail
                  X-Ms-Exchange-Organization-Scl:1
                  X-Microsoft-Antispam:BCL:0;ARA:13230040|4022899009|69100299015|41050700001
                  X-Forefront-Antispam-Report:CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:;PTR:;CAT:NONE;SFS:(13230040)(4022899009)(69100299015)(41050700001);DIR:INT
                  X-Ms-Exchange-Crosstenant-Authas:Internal
                  X-Ms-Exchange-Crosstenant-Authsource:HttpSubmission-PAVPR09MB6331
                  X-Ms-Exchange-Crosstenant-Id:a9633fc0-aacc-4105-90b2-398485636c5d
                  X-Ms-Exchange-Crosstenant-Originalarrivaltime:04 Oct 2024 12:24:15.2677 (UTC)
                  X-Ms-Exchange-Crosstenant-Network-Message-Id:2edba975-b717-46de-4ec3-08dce46f7613
                  X-Ms-Exchange-Transport-Crosstenantheadersstamped:PAVPR09MB6331
                  X-Ms-Exchange-Organization-Messagedirectionality:Originating
                  X-Ms-Exchange-Transport-Endtoendlatency:00:00:01.7146722
                  X-Ms-Exchange-Processed-By-Bccfoldering:15.20.8005.023
                  X-Microsoft-Antispam-Mailbox-Delivery:ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(425001)(930097)(140003)
                  Content-Type:multipart/mixed; boundary="----sinikael-?=_1-17280448853670.28031098049656594"
                  MIME-Version:1.0

                  Icon Hash:46070c0a8e0c67d6
                  No network behavior found


                  Target ID:0
                  Start time:02:47:44
                  Start date:07/10/2024
                  Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  Wow64 process (32bit):true
                  Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Reaction Daily Digest - Friday_ October 4_ 2024.eml"
                  Imagebase:0xd60000
                  File size:34'446'744 bytes
                  MD5 hash:91A5292942864110ED734005B7E005C0
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:false

                  Target ID:7
                  Start time:02:48:33
                  Start date:07/10/2024
                  Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "D07B48C7-618C-48ED-B269-715C333004DE" "CE7AE299-FFC3-4F4A-B7E5-32D19A523790" "7328" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                  Imagebase:0x7ff7ca700000
                  File size:710'048 bytes
                  MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:false

                  No disassembly