Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
_READY__FOR__THE__UNEXPECTED__THIS__KIT__HAS__YOU__COVERED! _9zfW5NM.msg

Overview

General Information

Sample name:_READY__FOR__THE__UNEXPECTED__THIS__KIT__HAS__YOU__COVERED! _9zfW5NM.msg
Analysis ID:1528436
MD5:40976773cd1e7dffff359440504ad7ad
SHA1:11c7f8f80152d67bef5274f3874a9bcc9472b37d
SHA256:666e5d6b72eb2ed02ce466bd0fcba3eb91eb2804d0699c03267c26446b5c8c46
Infos:

Detection

Score:21
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Opens network shares
Creates a window with clipboard capturing capabilities
Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification

Classification

Process Tree

  • System is w10x64
  • OUTLOOK.EXE (PID: 4104 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\_READY__FOR__THE__UNEXPECTED__THIS__KIT__HAS__YOU__COVERED! _9zfW5NM.msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 5440 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "0048EC3B-F4E8-46CD-AAE9-F637D36AF731" "1DC5220A-17EF-426A-945F-68130EA5A8BE" "4104" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: Office Autorun Keys Modification
Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 4104, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: media.em.sailthru.com
Source: global trafficDNS traffic detected: DNS query: sli.em.sailthru.com
Source: global trafficDNS traffic detected: DNS query: t.em.sailthru.com
Source: global trafficDNS traffic detected: DNS query: stcblink.em.sailthru.com
Source: global trafficDNS traffic detected: DNS query: augloop.office.com
Source: prep_ram Files (x86)_Microsoft Office_root_Office16_AugLoop_bundle_js_V8_perf.cache.0.drString found in binary or memory: http://augloop.office.com/settings.json
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: prep_ram Files (x86)_Microsoft Office_root_Office16_AugLoop_bundle_js_V8_perf.cache.0.drString found in binary or memory: http://json-schema.org/draft-07/schema#
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: _READY__FOR__THE__UNEXPECTED__THIS__KIT__HAS__YOU__COVERED! _9zfW5NM.msgString found in binary or memory: http://schema.org
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: http://weather.service.msn.com/data.aspx
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://8x1p840npode.blob.core.windows.net/8x1p840npode/1.htm
Source: _READY__FOR__THE__UNEXPECTED__THIS__KIT__HAS__YOU__COVERED! _9zfW5NM.msgString found in binary or memory: https://8x1p840npode.blob.core.windows.net/8x1p840npode/1.htm#14;kSx7yh2OMqJmt2dxYbd
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://8x1p840npode.blob.core.windows.net/8x1p840npode/1.png?kSx7yh2OMqJmt2dxYbd
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://8x1p840npode.blob.core.windows.net/8x1p840npode/2.htm
Source: _READY__FOR__THE__UNEXPECTED__THIS__KIT__HAS__YOU__COVERED! _9zfW5NM.msgString found in binary or memory: https://8x1p840npode.blob.core.windows.net/8x1p840npode/2.htm#14;kSx7yh2OMqJmt2dxYbd
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://analysis.windows.net/powerbi/api
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://api.aadrm.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://api.aadrm.com/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://api.addins.omex.office.net/api/addins/search
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://api.addins.store.office.com/app/query
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://api.cortana.ai
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://api.diagnostics.office.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://api.diagnosticssdf.office.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://api.microsoftstream.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://api.microsoftstream.com/api/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://api.office.net
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://api.onedrive.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/imports
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://api.scheduler.
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://apis.live.net/v5.0/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://apis.mobile.m365.svc.cloud.microsoft
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://app.powerbi.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://arc.msn.com/v4/api/selection
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: App1728333638048132100_76F91E84-2DD6-4F80-8240-B710B0304744.log.0.drString found in binary or memory: https://augloop.office.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://augloop.office.com/v2
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://autodiscover-s.outlook.com/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://canary.designerapp.
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/fonts
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-assets
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-dynamic-strings
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-home-screen
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://cdn.entity.
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://cdn.hubblecontent.osi.office.net/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://clients.config.office.net
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://clients.config.office.net/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/DeltaAdvisory
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://cortana.ai
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://cortana.ai/api
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://cr.office.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://d.docs.live.net
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://dataservice.o365filtering.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://dataservice.o365filtering.com/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://designerapp.azurewebsites.net
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://designerappservice.officeapps.live.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://dev.cortana.ai
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://devnull.onenote.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://directory.services.
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://ecs.office.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://ecs.office.com/config/v1/Designer
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://ecs.office.com/config/v2/Office
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://edge.skype.com/registrar/prod
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://edge.skype.com/rps
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://enrichment.osi.office.net/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/v2.1601652342626
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://entitlement.diagnostics.office.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://fpastorage.cdn.office.net/%s
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://fpastorage.cdn.office.net/firstpartyapp/addins.xml
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://globaldisco.crm.dynamics.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://graph.ppe.windows.net
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://graph.ppe.windows.net/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://graph.windows.net
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://graph.windows.net/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://ic3.teams.office.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://incidents.diagnostics.office.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://inclient.store.office.com/gyro/client
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://inclient.store.office.com/gyro/clientstore
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://invites.office.com/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://lifecycle.office.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://login.microsoftonline.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://login.microsoftonline.com/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://login.microsoftonline.com/organizations
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://login.windows.local
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://make.powerautomate.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://management.azure.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://management.azure.com/
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://media.em.sailthru.com/6uu/1k5/3/g/605112782eb70.png
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://media.em.sailthru.com/6uu/1k5/3/g/6051128166e3b.png
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://media.em.sailthru.com/6uu/1k5/3/j/60543d37685eb.png
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://media.em.sailthru.com/6uu/1k5/5/j/60a520cc09e8e.png
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://media.em.sailthru.com/6uu/1k5/5/j/60a520e4dd5ba.png
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://media.em.sailthru.com/6uu/1k5/5/j/60a520ff39ce9.png
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://media.em.sailthru.com/6uu/1k5/5/j/60a5211bbb266.png
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://media.em.sailthru.com/composer/images/sailthru-prod-6uu/Facebook-icon.png
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://media.em.sailthru.com/composer/images/sailthru-prod-6uu/X-icon.png
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://media.em.sailthru.com/composer/images/sailthru-prod-6uu/email-icon.png
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://media.em.sailthru.com/composer/images/sailthru-prod-6uu/instagram-icon.png
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://media.em.sailthru.com/composer/images/sailthru-prod-6uu/linkedin-icon.png
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://media.em.sailthru.com/composer/images/sailthru-prod-6uu/youtube-icon.png
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://messagebroker.mobile.m365.svc.cloud.microsoft
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://messaging.action.office.com/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://messaging.action.office.com/setcampaignaction
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://messaging.action.office.com/setuseraction16
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://messaging.engagement.office.com/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://messaging.lifecycle.office.com/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://messaging.office.com/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://mss.office.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://my.microsoftpersonalcontent.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://ncus.contentsync.
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://ncus.pagecontentsync.
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://officeapps.live.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://officeci.azurewebsites.net/api/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://officepyservice.office.net/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://officepyservice.office.net/service.functionality
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://onedrive.live.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://onedrive.live.com/embed?
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://otelrules.azureedge.net
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://otelrules.svc.static.microsoft
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://outlook.office.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://outlook.office.com/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://outlook.office365.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://outlook.office365.com/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://outlook.office365.com/connectors
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://pages.store.office.com/review/query
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://powerlift-user.acompli.net
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://powerlift.acompli.net
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://pushchannel.1drv.ms
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://res.cdn.office.net
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.40
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://res.cdn.office.net/polymer/models
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://service.officepy.microsoftusercontent.com/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://service.powerapps.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://settings.outlook.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://shell.suite.office.com:1443
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://skyapi.live.net/Activity/
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://sli.em.sailthru.com/imp?s=218933&li=54106&e=S45458
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://sli.em.sailthru.com/imp?s=371255790&li=54106&e=S45458
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://sli.em.sailthru.com/imp?s=371255791&li=54106&e=S45458
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://sli.em.sailthru.com/imp?s=371255792&li=54106&e=S45458
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://sli.em.sailthru.com/imp?s=371255793&li=54106&e=S45458
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://sli.em.sailthru.com/imp?s=371255794&li=54106&e=S45458
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://sli.em.sailthru.com/imp?s=371255795&li=54106&e=S45458
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://sli.em.sailthru.com/imp?s=371255796&li=54106&e=S45458
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://sli.em.sailthru.com/imp?s=371255797&li=54106&e=S45458
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://sli.em.sailthru.com/imp?s=371255798&li=54106&e=S45458
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://sli.em.sailthru.com/imp?s=371255799&li=54106&e=S45458
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://sli.em.sailthru.com/imp?s=422405&li=54106&e=S45458
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://sli.em.sailthru.com/imp?s=553475&li=54106&e=S45458
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://sli.em.sailthru.com/imp?s=791710910&li=54106&e=S45458
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://sli.em.sailthru.com/imp?s=791710911&li=54106&e=S45458
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://sli.em.sailthru.com/imp?s=791710912&li=54106&e=S45458
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://sli.em.sailthru.com/imp?s=791710913&li=54106&e=S45458
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://sli.em.sailthru.com/imp?s=791710914&li=54106&e=S45458
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://sli.em.sailthru.com/imp?s=791710915&li=54106&e=S45458
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://sli.em.sailthru.com/imp?s=791710916&li=54106&e=S45458
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://sli.em.sailthru.com/imp?s=791710917&li=54106&e=S45458
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://sli.em.sailthru.com/imp?s=791710918&li=54106&e=S45458
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://sli.em.sailthru.com/imp?s=791710919&li=54106&e=S45458
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://staging.cortana.ai
Source: _READY__FOR__THE__UNEXPECTED__THIS__KIT__HAS__YOU__COVERED! _9zfW5NM.msg, ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://stcblink.em.sailthru.com/click/58396454.256430/aHR0cHM6Ly9zbGkubnlwb3N0LmNvbS9jbGljaz9zPTIxO
Source: _READY__FOR__THE__UNEXPECTED__THIS__KIT__HAS__YOU__COVERED! _9zfW5NM.msg, ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://stcblink.em.sailthru.com/click/58396454.256430/aHR0cHM6Ly9zbGkubnlwb3N0LmNvbS9jbGljaz9zPTQyM
Source: _READY__FOR__THE__UNEXPECTED__THIS__KIT__HAS__YOU__COVERED! _9zfW5NM.msg, ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://stcblink.em.sailthru.com/click/58396454.256430/aHR0cHM6Ly9zbGkubnlwb3N0LmNvbS9jbGljaz9zPTU1M
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://stcblink.em.sailthru.com/click/58396454.256430/tFpRrqANIPiOlkBTcG9zdC5jb20vMS9lL3I_YXFldD1jb
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://stcblink.em.sailthru.com/img/g4ptkoosstfmkpctzp1gib2elzviy.5hv2/279ece35.gif
Source: _READY__FOR__THE__UNEXPECTED__THIS__KIT__HAS__YOU__COVERED! _9zfW5NM.msg, ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://stcblink.em.sailthru.com/manage/6uu/preferences--nyp?email=S45458
Source: _READY__FOR__THE__UNEXPECTED__THIS__KIT__HAS__YOU__COVERED! _9zfW5NM.msg, ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://stcblink.em.sailthru.com/oc/g4ptkoosstfmkpctzp1gib2elzviy.5hv2/05fc5d38
Source: _READY__FOR__THE__UNEXPECTED__THIS__KIT__HAS__YOU__COVERED! _9zfW5NM.msg, ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://stcblink.em.sailthru.com/oc/g4ptkoosstfmkpctzp1gib2elzviy.5hv2/05fc5d38&brand_param=nypost
Source: _READY__FOR__THE__UNEXPECTED__THIS__KIT__HAS__YOU__COVERED! _9zfW5NM.msg, ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://stcblink.em.sailthru.com/view/g4ptkoosstfmkpctzp1gib2elzviy.5hv2/fb8d9a40
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://store.office.cn/addinstemplate
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://store.office.de/addinstemplate
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://substrate.office.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://t.em.sailthru.com/1/e/a.gif?aqet=emo&img=true&r=7&ca=58396454&v0=S45458
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://tasks.office.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://templatesmetadata.office.net/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://webshell.suite.office.com
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://wus2.contentsync.
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://wus2.pagecontentsync.
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://www.google.com/maps/place/Severna
Source: _READY__FOR__THE__UNEXPECTED__THIS__KIT__HAS__YOU__COVERED! _9zfW5NM.msg, ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://www.mdmea.org/all-state-auditions
Source: _READY__FOR__THE__UNEXPECTED__THIS__KIT__HAS__YOU__COVERED! _9zfW5NM.msg, ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drString found in binary or memory: https://www.mdmea.org/all-state-auditionshttps://www.mdmea.org/all-state-auditions
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://www.odwebp.svc.ms
Source: B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drString found in binary or memory: https://www.yammer.com
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow created: window name: CLIPBRDWNDCLASSJump to behavior
Source: classification engineClassification label: sus21.spyw.winMSG@3/40@5/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmpJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile created: C:\Users\user~1\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241007T1640370658-4104.etlJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\_READY__FOR__THE__UNEXPECTED__THIS__KIT__HAS__YOU__COVERED! _9zfW5NM.msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "0048EC3B-F4E8-46CD-AAE9-F637D36AF731" "1DC5220A-17EF-426A-945F-68130EA5A8BE" "4104" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "0048EC3B-F4E8-46CD-AAE9-F637D36AF731" "1DC5220A-17EF-426A-945F-68130EA5A8BE" "4104" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: c2r64.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: userenv.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEWindow found: window name: SysTabControl32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformationJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile Volume queried: C:\Windows\SysWOW64 FullSizeInformationJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEProcess information queried: ProcessInformationJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeQueries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Stealing of Sensitive Information

barindex
Opens network shares
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXEFile opened: \\8x1p840npode.blob.core.windows.net\8x1p840npode\1.png?kSx7yh2OMqJmt2dxYbdJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
DLL Side-Loading		1
Process Injection		1
Masquerading		OS Credential Dumping1
Network Share Discovery		Remote Services1
Clipboard Data		1
Non-Application Layer Protocol		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading		1
Process Injection		LSASS Memory1
Process Discovery		Remote Desktop ProtocolData from Removable Media1
Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
DLL Side-Loading		Security Account Manager1
File and Directory Discovery		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDS13
System Information Discovery		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1528436 Sample: _READY__FOR__THE__UNEXPECTE... Startdate: 07/10/2024 Architecture: WINDOWS Score: 21 11 t.em.sailthru.com 2->11 13 stcblink.em.sailthru.com 2->13 15 3 other IPs or domains 2->15 6 OUTLOOK.EXE 306 221 2->6         started        process3 signatures4 17 Opens network shares 6->17 9 ai.exe 6->9         started        process5

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://shell.suite.office.com:14430%URL Reputationsafe
https://designerapp.azurewebsites.net0%URL Reputationsafe
https://autodiscover-s.outlook.com/0%URL Reputationsafe
https://useraudit.o365auditrealtimeingestion.manage.office.com0%URL Reputationsafe
https://outlook.office365.com/connectors0%URL Reputationsafe
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr0%URL Reputationsafe
https://cdn.entity.0%URL Reputationsafe
https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/0%URL Reputationsafe
https://rpsticket.partnerservices.getmicrosoftkey.com0%URL Reputationsafe
https://lookup.onenote.com/lookup/geolocation/v10%URL Reputationsafe
https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile0%URL Reputationsafe
https://api.aadrm.com/0%URL Reputationsafe
https://canary.designerapp.0%URL Reputationsafe
https://www.yammer.com0%URL Reputationsafe
https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies0%URL Reputationsafe
https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive0%URL Reputationsafe
https://cr.office.com0%URL Reputationsafe
https://messagebroker.mobile.m365.svc.cloud.microsoft0%URL Reputationsafe
https://edge.skype.com/registrar/prod0%URL Reputationsafe
https://res.getmicrosoftkey.com/api/redemptionevents0%URL Reputationsafe
https://tasks.office.com0%URL Reputationsafe
https://officeci.azurewebsites.net/api/0%URL Reputationsafe
https://store.office.cn/addinstemplate0%URL Reputationsafe
https://edge.skype.com/rps0%URL Reputationsafe
https://messaging.engagement.office.com/0%URL Reputationsafe
https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech0%URL Reputationsafe
https://www.odwebp.svc.ms0%URL Reputationsafe
https://api.powerbi.com/v1.0/myorg/groups0%URL Reputationsafe
https://web.microsoftstream.com/video/0%URL Reputationsafe
https://api.addins.store.officeppe.com/addinstemplate0%URL Reputationsafe
https://graph.windows.net0%URL Reputationsafe
https://consent.config.office.com/consentcheckin/v1.0/consents0%URL Reputationsafe
https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices0%URL Reputationsafe
https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json0%URL Reputationsafe
https://safelinks.protection.outlook.com/api/GetPolicy0%URL Reputationsafe
https://ncus.contentsync.0%URL Reputationsafe
https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/0%URL Reputationsafe
http://weather.service.msn.com/data.aspx0%URL Reputationsafe
https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios0%URL Reputationsafe
https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml0%URL Reputationsafe
https://mss.office.com0%URL Reputationsafe
https://pushchannel.1drv.ms0%URL Reputationsafe
https://wus2.contentsync.0%URL Reputationsafe
https://clients.config.office.net/user/v1.0/ios0%URL Reputationsafe
https://api.addins.omex.office.net/api/addins/search0%URL Reputationsafe
https://outlook.office365.com/api/v1.0/me/Activities0%URL Reputationsafe
https://clients.config.office.net/user/v1.0/android/policies0%URL Reputationsafe
https://entitlement.diagnostics.office.com0%URL Reputationsafe
https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json0%URL Reputationsafe
http://schema.org0%URL Reputationsafe
https://login.microsoftonline.com0%URL Reputationsafe
https://substrate.office.com/search/api/v1/SearchHistory0%URL Reputationsafe
https://clients.config.office.net/c2r/v1.0/InteractiveInstallation0%URL Reputationsafe
https://service.powerapps.com0%URL Reputationsafe
https://graph.windows.net/0%URL Reputationsafe
https://devnull.onenote.com0%URL Reputationsafe
https://messaging.office.com/0%URL Reputationsafe
https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing0%URL Reputationsafe
https://skyapi.live.net/Activity/0%URL Reputationsafe
https://messaging.action.office.com/setcampaignaction0%URL Reputationsafe
https://visio.uservoice.com/forums/368202-visio-on-devices0%URL Reputationsafe
https://staging.cortana.ai0%URL Reputationsafe
https://augloop.office.com0%URL Reputationsafe
https://api.diagnosticssdf.office.com/v2/file0%URL Reputationsafe
https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory0%URL Reputationsafe
https://officepyservice.office.net/0%URL Reputationsafe
https://api.diagnostics.office.com0%URL Reputationsafe
https://store.office.de/addinstemplate0%URL Reputationsafe
https://wus2.pagecontentsync.0%URL Reputationsafe
https://api.powerbi.com/v1.0/myorg/datasets0%URL Reputationsafe
https://cortana.ai/api0%URL Reputationsafe
https://api.diagnosticssdf.office.com0%URL Reputationsafe
https://login.microsoftonline.com/0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
stcblink.em.sailthru.com
unknown
unknownfalse
    		unknown
    sli.em.sailthru.com
    		unknown
    		unknownfalse
      		unknown
      media.em.sailthru.com
      		unknown
      		unknownfalse
        		unknown
        augloop.office.com
        		unknown
        		unknownfalse
          		unknown
          t.em.sailthru.com
          		unknown
          		unknownfalse
            		unknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            https://stcblink.em.sailthru.com/oc/g4ptkoosstfmkpctzp1gib2elzviy.5hv2/05fc5d38&brand_param=nypost_READY__FOR__THE__UNEXPECTED__THIS__KIT__HAS__YOU__COVERED! _9zfW5NM.msg, ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drfalse
              		unknown
              https://shell.suite.office.com:1443B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
              • URL Reputation: safe
              		unknown
              https://designerapp.azurewebsites.netB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
              • URL Reputation: safe
              		unknown
              https://autodiscover-s.outlook.com/B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
              • URL Reputation: safe
              		unknown
              https://useraudit.o365auditrealtimeingestion.manage.office.comB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
              • URL Reputation: safe
              		unknown
              https://outlook.office365.com/connectorsB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
              • URL Reputation: safe
              		unknown
              https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=FlickrB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
              • URL Reputation: safe
              		unknown
              https://cdn.entity.B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
              • URL Reputation: safe
              		unknown
              https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
              • URL Reputation: safe
              		unknown
              https://rpsticket.partnerservices.getmicrosoftkey.comB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
              • URL Reputation: safe
              		unknown
              https://lookup.onenote.com/lookup/geolocation/v1B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
              • URL Reputation: safe
              		unknown
              https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFileB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
              • URL Reputation: safe
              		unknown
              https://media.em.sailthru.com/composer/images/sailthru-prod-6uu/Facebook-icon.png~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drfalse
                		unknown
                https://api.aadrm.com/B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                • URL Reputation: safe
                		unknown
                https://canary.designerapp.B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                • URL Reputation: safe
                		unknown
                https://www.yammer.comB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                • URL Reputation: safe
                		unknown
                https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPoliciesB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                • URL Reputation: safe
                		unknown
                https://api.microsoftstream.com/api/B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                  		unknown
                  https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=ImmersiveB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://cr.office.comB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://messagebroker.mobile.m365.svc.cloud.microsoftB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                  • URL Reputation: safe
                  		unknown
                  https://otelrules.svc.static.microsoftB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                    		unknown
                    https://edge.skype.com/registrar/prodB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://res.getmicrosoftkey.com/api/redemptioneventsB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://stcblink.em.sailthru.com/click/58396454.256430/aHR0cHM6Ly9zbGkubnlwb3N0LmNvbS9jbGljaz9zPTU1M_READY__FOR__THE__UNEXPECTED__THIS__KIT__HAS__YOU__COVERED! _9zfW5NM.msg, ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drfalse
                      		unknown
                      https://tasks.office.comB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://officeci.azurewebsites.net/api/B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://sli.em.sailthru.com/imp?s=218933&li=54106&e=S45458~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drfalse
                        		unknown
                        https://my.microsoftpersonalcontent.comB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                          		unknown
                          https://media.em.sailthru.com/6uu/1k5/5/j/60a520e4dd5ba.png~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drfalse
                            		unknown
                            https://store.office.cn/addinstemplateB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                            • URL Reputation: safe
                            		unknown
                            https://stcblink.em.sailthru.com/img/g4ptkoosstfmkpctzp1gib2elzviy.5hv2/279ece35.gif~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drfalse
                              		unknown
                              https://edge.skype.com/rpsB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                              • URL Reputation: safe
                              		unknown
                              https://messaging.engagement.office.com/B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                              • URL Reputation: safe
                              		unknown
                              https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                              • URL Reputation: safe
                              		unknown
                              https://media.em.sailthru.com/6uu/1k5/5/j/60a520ff39ce9.png~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drfalse
                                		unknown
                                https://www.odwebp.svc.msB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                • URL Reputation: safe
                                		unknown
                                https://api.powerbi.com/v1.0/myorg/groupsB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                • URL Reputation: safe
                                		unknown
                                https://web.microsoftstream.com/video/B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                • URL Reputation: safe
                                		unknown
                                https://api.addins.store.officeppe.com/addinstemplateB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                • URL Reputation: safe
                                		unknown
                                https://graph.windows.netB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                • URL Reputation: safe
                                		unknown
                                https://consent.config.office.com/consentcheckin/v1.0/consentsB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                • URL Reputation: safe
                                		unknown
                                https://learningtools.onenote.com/learningtoolsapi/v2.0/GetvoicesB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                • URL Reputation: safe
                                		unknown
                                https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.jsonB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                • URL Reputation: safe
                                		unknown
                                https://d.docs.live.netB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                  		unknown
                                  https://safelinks.protection.outlook.com/api/GetPolicyB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://ncus.contentsync.B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://weather.service.msn.com/data.aspxB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://word.uservoice.com/forums/304948-word-for-ipad-iphone-iosB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://autodiscover-s.outlook.com/autodiscover/autodiscover.xmlB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://media.em.sailthru.com/6uu/1k5/5/j/60a5211bbb266.png~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drfalse
                                    		unknown
                                    https://mss.office.comB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://pushchannel.1drv.msB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://wus2.contentsync.B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://clients.config.office.net/user/v1.0/iosB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://api.addins.omex.office.net/api/addins/searchB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://stcblink.em.sailthru.com/click/58396454.256430/aHR0cHM6Ly9zbGkubnlwb3N0LmNvbS9jbGljaz9zPTQyM_READY__FOR__THE__UNEXPECTED__THIS__KIT__HAS__YOU__COVERED! _9zfW5NM.msg, ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drfalse
                                      		unknown
                                      https://sli.em.sailthru.com/imp?s=371255799&li=54106&e=S45458~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drfalse
                                        		unknown
                                        https://outlook.office365.com/api/v1.0/me/ActivitiesB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://clients.config.office.net/user/v1.0/android/policiesB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://entitlement.diagnostics.office.comB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.jsonB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://outlook.office.com/B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                          		unknown
                                          https://storage.live.com/clientlogs/uploadlocationB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                            		unknown
                                            https://sli.em.sailthru.com/imp?s=422405&li=54106&e=S45458~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drfalse
                                              		unknown
                                              https://sli.em.sailthru.com/imp?s=791710911&li=54106&e=S45458~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drfalse
                                                		unknown
                                                http://schema.org_READY__FOR__THE__UNEXPECTED__THIS__KIT__HAS__YOU__COVERED! _9zfW5NM.msgfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://stcblink.em.sailthru.com/click/58396454.256430/aHR0cHM6Ly9zbGkubnlwb3N0LmNvbS9jbGljaz9zPTIxO_READY__FOR__THE__UNEXPECTED__THIS__KIT__HAS__YOU__COVERED! _9zfW5NM.msg, ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drfalse
                                                  		unknown
                                                  https://login.microsoftonline.comB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://substrate.office.com/search/api/v1/SearchHistoryB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://media.em.sailthru.com/composer/images/sailthru-prod-6uu/X-icon.png~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drfalse
                                                    		unknown
                                                    https://clients.config.office.net/c2r/v1.0/InteractiveInstallationB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://service.powerapps.comB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://graph.windows.net/B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://devnull.onenote.comB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://sli.em.sailthru.com/imp?s=791710919&li=54106&e=S45458~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drfalse
                                                      		unknown
                                                      https://messaging.office.com/B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://sli.em.sailthru.com/imp?s=791710912&li=54106&e=S45458~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drfalse
                                                        		unknown
                                                        https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=BingB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://skyapi.live.net/Activity/B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://api.cortana.aiB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                                          		unknown
                                                          https://messaging.action.office.com/setcampaignactionB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://sli.em.sailthru.com/imp?s=371255796&li=54106&e=S45458~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drfalse
                                                            		unknown
                                                            https://visio.uservoice.com/forums/368202-visio-on-devicesB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            https://staging.cortana.aiB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            https://onedrive.live.com/embed?B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                                              		unknown
                                                              https://augloop.office.comApp1728333638048132100_76F91E84-2DD6-4F80-8240-B710B0304744.log.0.drfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://api.diagnosticssdf.office.com/v2/fileB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectoryB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://officepyservice.office.net/B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://api.diagnostics.office.comB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://stcblink.em.sailthru.com/view/g4ptkoosstfmkpctzp1gib2elzviy.5hv2/fb8d9a40_READY__FOR__THE__UNEXPECTED__THIS__KIT__HAS__YOU__COVERED! _9zfW5NM.msg, ~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drfalse
                                                                		unknown
                                                                https://store.office.de/addinstemplateB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://wus2.pagecontentsync.B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://api.powerbi.com/v1.0/myorg/datasetsB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://cortana.ai/apiB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://media.em.sailthru.com/6uu/1k5/3/j/60543d37685eb.png~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp.0.drfalse
                                                                  		unknown
                                                                  https://api.diagnosticssdf.office.comB959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  https://login.microsoftonline.com/B959B89E-BD31-4712-ABAE-CFCAEB33C98A.0.drfalse
                                                                  • URL Reputation: safe
                                                                  		unknown

                                                                  World Map of Contacted IPs

                                                                  No contacted IP infos

                                                                  General Information

                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                  Analysis ID:1528436
                                                                  Start date and time:2024-10-07 22:38:59 +02:00
                                                                  Joe Sandbox product:CloudBasic
                                                                  Overall analysis duration:0h 5m 17s
                                                                  Hypervisor based Inspection enabled:false
                                                                  Report type:full
                                                                  Cookbook file name:default.jbs
                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                  Number of analysed new started processes analysed:10
                                                                  Number of new started drivers analysed:0
                                                                  Number of existing processes analysed:0
                                                                  Number of existing drivers analysed:0
                                                                  Number of injected processes analysed:0
                                                                  Technologies:
                                                                  • HCA enabled
                                                                  • EGA enabled
                                                                  • AMSI enabled
                                                                  Analysis Mode:default
                                                                  Analysis stop reason:Timeout
                                                                  Sample name:_READY__FOR__THE__UNEXPECTED__THIS__KIT__HAS__YOU__COVERED! _9zfW5NM.msg
                                                                  Detection:SUS
                                                                  Classification:sus21.spyw.winMSG@3/40@5/0
                                                                  EGA Information:Failed
                                                                  HCA Information:
                                                                  • Successful, ratio: 100%
                                                                  • Number of executed functions: 0
                                                                  • Number of non-executed functions: 0
                                                                  Cookbook Comments:
                                                                  • Found application associated with file extension: .msg

                                                                  Warnings

                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WMIADAP.exe, conhost.exe, svchost.exe
                                                                  • Excluded IPs from analysis (whitelisted): 52.109.89.18, 52.113.194.132, 52.109.76.243, 2.19.126.151, 2.19.126.160, 52.111.243.40, 52.111.243.41, 52.111.243.42, 52.111.243.43, 13.89.179.11, 57.150.87.129, 184.28.90.27, 52.111.243.77
                                                                  • Excluded domains from analysis (whitelisted): omex.cdn.office.net, weu-azsc-config.officeapps.live.com, eur.roaming1.live.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, neu-azsc-000.roaming.officeapps.live.com, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, a1864.dscd.akamai.net, ecs.office.com, fs.microsoft.com, prod.configsvc1.live.com.akadns.net, onedscolprdcus15.centralus.cloudapp.azure.com, augloop-prod.trafficmanager.net, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, prod1.naturallanguageeditorservice.osi.office.net.akadns.net, nleditor.osi.office.net, augloop-prod-pd04.westeurope.cloudapp.azure.com, prod-eu-resolver.naturallanguageeditorservice.osi.office.net.akadns.net, s-0005.s-msedge.net, config.officeapps.live.com, blob.iad11prdstr04a.store.core.windows.net, os
                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                  • Report size getting too big, too many NtCreateFile calls found.
                                                                  • Report size getting too big, too many NtCreateKey calls found.
                                                                  • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                  • VT rate limit hit for: _READY__FOR__THE__UNEXPECTED__THIS__KIT__HAS__YOU__COVERED! _9zfW5NM.msg

                                                                  Simulations

                                                                  Behavior and APIs

                                                                  No simulations

                                                                  LLM Input / Output

                                                                  InputOutput
                                                                  URL: Email Model: jbxai
                                                                  {
"brand":[],
"contains_trigger_text":true,
"trigger_text":"be prepared for anything: your ultimate survival kit here!",
"prominent_button_name":"unknown",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":true,
"text":"CAUTION: This email originated from a source outside the City of Markham. DO NOT CLICK any links or attachments,
 or reply unless you recognize the sender and know the content is safe.",
"has_visible_qrcode":false}

                                                                  Joe Sandbox View / Context

                                                                  IPs

                                                                  No context

                                                                  Domains

                                                                  No context

                                                                  ASNs

                                                                  No context

                                                                  JA3 Fingerprints

                                                                  No context

                                                                  Dropped Files

                                                                  No context

                                                                  Created / dropped Files

                                                                  C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):231348
                                                                  Entropy (8bit):4.39612724753885
                                                                  Encrypted:false
                                                                  SSDEEP:3072:07giCMLgKmiGu28qoQy7rt0Fvse14jlRtg:0PJbmi2psK14jlRy
                                                                  MD5:A58B790829FCAEB3DDB4177FE695D3B6
                                                                  SHA1:6B662B512BFA9FBFC825D888520F709F5315A520
                                                                  SHA-256:BA83C1C1B1BB3691519B3CA79304CEFE0C9432423651D8157412A16E71A6C154
                                                                  SHA-512:E51A606FE5C915FFF3BFB50AC3D41C9926556286D058A527C91D48CD598495B4B0C29B2A4F2137E853B205929F571B79092B500AD39F796729DE46BC3EEF2B9A
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  Preview:TH02...... ...D.........SM01X...,....)6.............IPM.Activity...........h...............h............H..h........5A{2...h........`.*.H..h\FRO ...1\Ap...h.0%.0...p......h%Y.[..3........h........_`Rk...h.X.[@...I.tw...h....H...8.Wk...0....T...............d.........2h...............k_.D.....e.....!h.............. h...g..........#h....8.........$h`.*.....8....."h..3......}3...'h..............1h%Y.[<.........0h....4....Wk../h....h.....WkH..h.3.p.........-h .............+h.Z.[........................ ..............F7..............FIPM.Activity.st.Form.e..Standard.tanJournal Entry.pdIPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000.000Microsoft.ofThis form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..

                                                                  C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:JSON data
                                                                  Category:dropped
                                                                  Size (bytes):521377
                                                                  Entropy (8bit):4.9084889265453135
                                                                  Encrypted:false
                                                                  SSDEEP:3072:gdTb5Sb3F2FqSrfZm+CnQsbzxZO7aYb6f5780K2:wb5q3umBnzT
                                                                  MD5:C37972CBD8748E2CA6DA205839B16444
                                                                  SHA1:9834B46ACF560146DD7EE9086DB6019FBAC13B4E
                                                                  SHA-256:D4CFBB0E8B9D3E36ECE921B9B51BD37EF1D3195A9CFA1C4586AEA200EB3434A7
                                                                  SHA-512:02B4D134F84122B6EE9A304D79745A003E71803C354FB01BAF986BD15E3BA57BA5EF167CC444ED67B9BA5964FF5922C50E2E92A8A09862059852ECD9CEF1A900
                                                                  Malicious:false
                                                                  Reputation:moderate, very likely benign file
                                                                  Preview:{"MajorVersion":4,"MinorVersion":40,"Expiration":14,"Fonts":[{"a":[4294966911],"f":"Abadi","fam":[],"sf":[{"c":[1,0],"dn":"Abadi","fs":32696,"ful":[{"lcp":983041,"lsc":"Latn","ltx":"Abadi"}],"gn":"Abadi","id":"23643452060","p":[2,11,6,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":26215680},{"c":[1,0],"dn":"Abadi Extra Light","fs":22180,"ful":[{"lcp":983042,"lsc":"Latn","ltx":"Abadi Extra Light"}],"gn":"Abadi Extra Light","id":"17656736728","p":[2,11,2,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":13108480}]},{"a":[4294966911],"f":"ADLaM Display","fam":[],"sf":[{"c":[536870913,0],"dn":"ADLaM Display Regular","fs":140072,"ful":[{"lcp":983040,"lsc":"Latn","ltx":"ADLaM Display"}],"gn":"ADLaM Display","id":"31965479471","p":[2,1,0,0,0,0,0,0,0,0],"sub":[],"t":"ttf","u":[2147491951,1107296330,0,0],"v":131072,"w":26215680}]},{"a":[4294966911],"f":"Agency FB","fam":[],"sf":[{"c":[536870913,0],"dn":"Agency FB Bold","fs":54372,"ful":[{"lcp":9830

                                                                  C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_40.ttf

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_40RegularVersion 4.40;O365
                                                                  Category:modified
                                                                  Size (bytes):773040
                                                                  Entropy (8bit):6.55939673749297
                                                                  Encrypted:false
                                                                  SSDEEP:12288:Zn84XULLDs51UJQSOf9VvLXHyheIQ47gEFGHtAgk3+/cLQ/zhm1kjFKy6Nyjbqq+:N8XPDs5+ivOXgo1kYvyz2
                                                                  MD5:4296A064B917926682E7EED650D4A745
                                                                  SHA1:3953A6AA9100F652A6CA533C2E05895E52343718
                                                                  SHA-256:E04E41C74D6C78213BA1588BACEE64B42C0EDECE85224C474A714F39960D8083
                                                                  SHA-512:A25388DDCE58D9F06716C0F0BDF2AEFA7F68EBCA7171077533AF4A9BE99A08E3DCD8DFE1A278B7AA5DE65DA9F32501B4B0B0ECAB51F9AF0F12A3A8A75363FF2C
                                                                  Malicious:false
                                                                  Reputation:moderate, very likely benign file
                                                                  Preview:........... OS/29....(...`cmap.s.,.......pglyf..&....|....head2..........6hheaE.@v.......$hmtx...........@loca.U.....8...Dmaxp........... name.P+........post...<...... .........b~1_.<...........<......r......Aa...................Q....Aa....Aa.........................~...................................................3..............................MS .@.......(...Q................. ...........d...........0...J.......8.......>..........+a..#...,................................................/...K.......z...............N......*...!...-...+........z.......h..%^..3...&j..+...+%..'R..+..."....................k......$A...,.......g...&...=.......X..&........*......&....B..(B...............#.......j...............+...P...5...@...)..........#...)Q...............*...{.. ....?..'...#....N...7......<...;>.............. ]...........5......#....s.......$.......$.......^..................+...>....H.......%...7.......6.......O...V...........K......"........c...N......!...............$...&...*p..

                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):322260
                                                                  Entropy (8bit):4.000299760592446
                                                                  Encrypted:false
                                                                  SSDEEP:6144:dztCFLNyoAHq5Rv2SCtUTnRe4N2+A/3oKBL37GZbTSB+pMZIrh:HMLgvKz9CtgRemO3oUHi3SBSMZIl
                                                                  MD5:CC90D669144261B198DEAD45AA266572
                                                                  SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                                                                  SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                                                                  SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                                                                  Malicious:false
                                                                  Reputation:high, very likely benign file
                                                                  Preview:51253fe60063c31af0d295afb42228b0:v2:2:1:1590:2:8479:76bd602437550e98c9043d06a55186ab7d95dea5a0e935a599f73e62a8c9b158e0afcb19351f6c353940c06a38172b94d18c02cf92bb8a80184eccca0392b259ab3e71dae73e491c7941997cb36ad4a198661f622dad478d840f66d530a0dde78acea3367f91fff62fbb3dc18faff0c708ad30edef5bea8b22c5fd782b770d8993386eaa784fd19a3c3e1db3b537b1a94d3d4fbd46f8df8fddf6d16611969fe0a97c50e0f3ac24750c93257cf5c161184aa7385800c87d803b339632a3d8ec7fe17a0afd83ce9e9d0e3f7b8d579637928a811f1f7e6d1887df2ddc7d4f752c4d600235e426c92c7bf8a1362f95457998cc0e5d4261f0efa4fada0f866dbcefb407dacab7a2914e91c2f08200f38c2d9d621962145b1464b0f204b326118a53ecdcab22bff005fdd5257c99a6dc51ac0600a49f2ef782396987e78c08b846dad5db55e8ccefffc64863bc2c3e90b95a09d25d0814a848c98fe01a82d4e30e6682dd546e12c45ca0d280a45295ab4bd632dafb070edfdc3c9e38313d5aeb195972986f8011b66817028fd8c78b67a0ac7e780eecc3fb6a31f5a025b8a9a3db278a98c0696aeaac739b18688b0f9c7d751bba02cc5f4e41853fb119b3c0c915059aaa92971244a1989124f12881ca88e6410df70b793a2c3a736ff4

                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:ASCII text, with no line terminators
                                                                  Category:dropped
                                                                  Size (bytes):10
                                                                  Entropy (8bit):2.8464393446710154
                                                                  Encrypted:false
                                                                  SSDEEP:3:LNWRdc:hwdc
                                                                  MD5:1E44C9BED6CD4BA46F7F69D895F58380
                                                                  SHA1:B09842A023C6973CEA792FB81558C7A1C4D525A7
                                                                  SHA-256:CF25A352DB650E4212DF932F2D3F9BA068E68A455697C5246E49F36B5429092E
                                                                  SHA-512:6F48FE8949E486BC49A55A0AB421D3F5137A04F496DA827AF0453F7059ECE2843C6353DDE7A683C6FE7A21D55629276BC575AA76096D7AE80DC61CB27513E12F
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  Preview:1728333649

                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\B959B89E-BD31-4712-ABAE-CFCAEB33C98A

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):177810
                                                                  Entropy (8bit):5.287205647313018
                                                                  Encrypted:false
                                                                  SSDEEP:1536:Pi2XfRAqcbH41gwEwLe7HW8bM/o/NMdcAZl1p5ihs7EXXPEAD2Odavo:6Ce7HW8bM/o/TXsk4o
                                                                  MD5:51AB832D9F064D2C7AE6044414C17C41
                                                                  SHA1:22849944B8BF24F060EF7FA96E8E99F0E873E48E
                                                                  SHA-256:05133657961670BBE9157CA4E6BA8C5EA01050E0214DD41B4A003F8D784C08B5
                                                                  SHA-512:3986351D26D59484BCC59E1975E59A8BC876BAAF04044B6D2F7B9D1BEDA3047DA556AC01A9F5DA0347DA07A10CB147EC96FCC865E5F99897846640AFB688A783
                                                                  Malicious:false
                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-10-07T20:40:41">.. Build: 16.0.18124.40132-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[

                                                                  C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:SQLite 3.x database, last written using SQLite version 3034001, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                                                                  Category:dropped
                                                                  Size (bytes):4096
                                                                  Entropy (8bit):0.09304735440217722
                                                                  Encrypted:false
                                                                  SSDEEP:3:lSWFN3l/klslpEl9Xll:l9F8E+9
                                                                  MD5:D0DE7DB24F7B0C0FE636B34E253F1562
                                                                  SHA1:6EF2957FDEDDC3EB84974F136C22E39553287B80
                                                                  SHA-256:B6DC74E4A39FFA38ED8C93D58AADEB7E7A0674DAC1152AF413E9DA7313ADE6ED
                                                                  SHA-512:42D00510CD9771CE63D44991EA10C10C8FBCF69DF08819D60B7F8E7B0F9B1D385AE26912C847A024D1D127EC098904784147218869AE8D2050BCE9B306DB2DDE
                                                                  Malicious:false
                                                                  Preview:SQLite format 3......@ ..........................................................................K.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:SQLite Rollback Journal
                                                                  Category:dropped
                                                                  Size (bytes):4616
                                                                  Entropy (8bit):0.13758003262114013
                                                                  Encrypted:false
                                                                  SSDEEP:3:7FEG2l+iUlk9/FllkpMRgSWbNFl/sl+ltlslN04l9Xll5++:7+/ldpg9bNFlEs1E39z
                                                                  MD5:C894A1C15072B9AFC802AB5EEABC25A7
                                                                  SHA1:91CF460EE5094AED5B1E64852686B3D72692990A
                                                                  SHA-256:A2E50AF0DE0F7B99DC0DFBEFA2CC0E359F225C048FCE5BDBED3C03E55B2BCFD6
                                                                  SHA-512:C24259C69F84D113176DFBBC580DC8F8AF9D163CEAA1671D31AB2B1C651653779D5B3D8F668306BC975B88AB4DBC1C2A6427B372FD2E8C8D6C0219A5230DE589
                                                                  Malicious:false
                                                                  Preview:.... .c......?......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ ..........................................................................K.................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):32768
                                                                  Entropy (8bit):0.04470641479249482
                                                                  Encrypted:false
                                                                  SSDEEP:3:G4l2jYnRxWAl2jYnRx1lWlL9//Xlvlll1lllwlvlllglbXdbllAlldl+l:G4l2MXnl2MXaL9XXPH4l942U
                                                                  MD5:887876B548C1606D2C24420FEDA30098
                                                                  SHA1:7F11BFE1512D710949AFAB57CCBE6B4252F92C7E
                                                                  SHA-256:3721CEE9A4CABB0B4560F9A121D247E4B50937620D4C0F52D5F312DF78888B19
                                                                  SHA-512:88F75DD371CA4EB84AD47804AF782E57EFD9679D641160224358C7ABBA7F3255527CD055D7360DC65DC7F8427F4466BA1C3C2431E390D8B833185185961D0085
                                                                  Malicious:false
                                                                  Preview:..-......................R.z....p.....{J.)l.K;...-......................R.z....p.....{J.)l.K;.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:SQLite Write-Ahead Log, version 3007000
                                                                  Category:dropped
                                                                  Size (bytes):45352
                                                                  Entropy (8bit):0.3961009034720831
                                                                  Encrypted:false
                                                                  SSDEEP:24:Kc8TiQMIzRDNcill7DBtDi4kZERDOdXxqt8VtbDBtDi4kZERDpA:b8+QjBcill7DYMkxO8VFDYM1A
                                                                  MD5:B6E09ABD5B66673A36AEC8C24F89C9CB
                                                                  SHA1:6AE01C1A42FB0A7C1D99FC849A397C56BB7DA07D
                                                                  SHA-256:3C952D332411A796DF4AB75E77DC1156D4DFAE06C51507355295874B25FDBD0F
                                                                  SHA-512:E5F148E30ECB13DE8B5225610F4DF4200C03C13A805E9E5D4062B7844951284CF776F297A3AC14C0A4571628851FF3673AE459DC1C44CA73CC5E380C161B96BA
                                                                  Malicious:false
                                                                  Preview:7....-..........p.....{.....h.........p.....{.VR..?].SQLite format 3......@ ..........................................................................K.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\7D3EECEA.png

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:PNG image data, 509 x 1310, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):346367
                                                                  Entropy (8bit):7.984719819383704
                                                                  Encrypted:false
                                                                  SSDEEP:6144:jUx2XXXXXadOZETDT6BNL5UCkVcgvI4ngRoOXs3f9Jri3btpsIDs0XQ:Ax5dOST3ILC6mI4gRoOXsP9tir40g
                                                                  MD5:C4E4C3142466E4577EA897D87130BF69
                                                                  SHA1:D2A46D6D15D6CF9159E6D1882159098F749F22DB
                                                                  SHA-256:F59CB856ECBFD2D6D88988F2226DE84095837B5B580B1787013E885677CC544F
                                                                  SHA-512:A423ABEDB9BBE55CC01F29E994ECA3EAE0048126962BED6B4078CC5D5571E9B0E9688A3F20B09E66A2FE78AD774696B548CCC47730B3BC4ABA0065BD92C3F086
                                                                  Malicious:false
                                                                  Preview:.PNG........IHDR.............tS... .IDATx^.]..\E....$....D.'R.AD.HKB....4....&B. %.A.-..H."b.....@zB:.Ko.;..9....wv.........{..g...9.E..%E.....A@....<.-.........A@.........,.A@.....A.. ..L&Z.)..... .........A@......B..d.e... .........A@.....A.. ..L&Z.)..... .........A@......B..d.e... .........A@.....A.. ..L&Z.)..... .........A@......B..d.e... .........A@.....A.. ..L&Z.)..... .........A@......B..d.e... .........A@.....A.. ..L&Z.)......M..T.-tg&L....7..X.Z.A.w.^j...j.Z.......~.q.@zQ....W..I...A.....#"...^..{c..q.?.]..jW.Q.....h.W.f....Uuu.T.: ...Y.....^6..j....q! ...Cz....9s..[l...<V..d^.f......?..b5..j.;.....W+6(.._..7....[.6.V.p.s........T......".k97.v....oP..v.....c..?~.:.cR..N;.N?.tu....Z.....s.=..y...+....d9`..5e....{..$...+S.9..n.....Z.mX..#......P....j6o..~.J.].F}e.j].Vj....+..W=U.&}...j.R.Y.I...Um>.Y..k_.d...&...~....2.&..g.T./.\.....4(......X....o.....o....k/U..T..g.:u.......V.;.k.?.Qw>..z....U..;>P..Y.z.UjC].-..U...K..jm....

                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\917143E3.png

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:PNG image data, 509 x 1310, 8-bit/color RGBA, non-interlaced
                                                                  Category:dropped
                                                                  Size (bytes):346367
                                                                  Entropy (8bit):7.984719819383704
                                                                  Encrypted:false
                                                                  SSDEEP:6144:jUx2XXXXXadOZETDT6BNL5UCkVcgvI4ngRoOXs3f9Jri3btpsIDs0XQ:Ax5dOST3ILC6mI4gRoOXsP9tir40g
                                                                  MD5:C4E4C3142466E4577EA897D87130BF69
                                                                  SHA1:D2A46D6D15D6CF9159E6D1882159098F749F22DB
                                                                  SHA-256:F59CB856ECBFD2D6D88988F2226DE84095837B5B580B1787013E885677CC544F
                                                                  SHA-512:A423ABEDB9BBE55CC01F29E994ECA3EAE0048126962BED6B4078CC5D5571E9B0E9688A3F20B09E66A2FE78AD774696B548CCC47730B3BC4ABA0065BD92C3F086
                                                                  Malicious:false
                                                                  Preview:.PNG........IHDR.............tS... .IDATx^.]..\E....$....D.'R.AD.HKB....4....&B. %.A.-..H."b.....@zB:.Ko.;..9....wv.........{..g...9.E..%E.....A@....<.-.........A@.........,.A@.....A.. ..L&Z.)..... .........A@......B..d.e... .........A@.....A.. ..L&Z.)..... .........A@......B..d.e... .........A@.....A.. ..L&Z.)..... .........A@......B..d.e... .........A@.....A.. ..L&Z.)..... .........A@......B..d.e... .........A@.....A.. ..L&Z.)......M..T.-tg&L....7..X.Z.A.w.^j...j.Z.......~.q.@zQ....W..I...A.....#"...^..{c..q.?.]..jW.Q.....h.W.f....Uuu.T.: ...Y.....^6..j....q! ...Cz....9s..[l...<V..d^.f......?..b5..j.;.....W+6(.._..7....[.6.V.p.s........T......".k97.v....oP..v.....c..?~.:.cR..N;.N?.tu....Z.....s.=..y...+....d9`..5e....{..$...+S.9..n.....Z.mX..#......P....j6o..~.J.].F}e.j].Vj....+..W=U.&}...j.R.Y.I...Um>.Y..k_.d...&...~....2.&..g.T./.\.....4(......X....o.....o....k/U..T..g.:u.......V.;.k.?.Qw>..z....U..;>P..Y.z.UjC].-..U...K..jm....

                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{05CC20F1-71BF-43FF-B657-7F9B6AC2F8B4}.tmp

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):1024
                                                                  Entropy (8bit):0.03351732319703582
                                                                  Encrypted:false
                                                                  SSDEEP:3:ol3lG:40
                                                                  MD5:830FBF83999E052538EAF156AB6ECB17
                                                                  SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                                  SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                                  SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                                  Malicious:false
                                                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{09672D47-2739-49D3-8FB9-0408BA539DD2}.tmp

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):1024
                                                                  Entropy (8bit):0.03351732319703582
                                                                  Encrypted:false
                                                                  SSDEEP:3:ol3lG:40
                                                                  MD5:830FBF83999E052538EAF156AB6ECB17
                                                                  SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                                  SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                                  SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                                  Malicious:false
                                                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{0A282872-261D-4123-A283-1D8BDE6E4FEF}.tmp

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):1024
                                                                  Entropy (8bit):0.03351732319703582
                                                                  Encrypted:false
                                                                  SSDEEP:3:ol3lG:40
                                                                  MD5:830FBF83999E052538EAF156AB6ECB17
                                                                  SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                                  SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                                  SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                                  Malicious:false
                                                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{1375B738-9FBC-49D0-A3F4-EC3903F47C46}.tmp

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):1024
                                                                  Entropy (8bit):0.03351732319703582
                                                                  Encrypted:false
                                                                  SSDEEP:3:ol3lG:40
                                                                  MD5:830FBF83999E052538EAF156AB6ECB17
                                                                  SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                                  SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                                  SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                                  Malicious:false
                                                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{1E5D9AE0-2CAE-4712-B900-82C40593580D}.tmp

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):1024
                                                                  Entropy (8bit):0.03351732319703582
                                                                  Encrypted:false
                                                                  SSDEEP:3:ol3lG:40
                                                                  MD5:830FBF83999E052538EAF156AB6ECB17
                                                                  SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                                  SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                                  SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                                  Malicious:false
                                                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{2DF4A925-F5E6-4201-92F5-05CC93C020A6}.tmp

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):1024
                                                                  Entropy (8bit):0.03351732319703582
                                                                  Encrypted:false
                                                                  SSDEEP:3:ol3lG:40
                                                                  MD5:830FBF83999E052538EAF156AB6ECB17
                                                                  SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                                  SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                                  SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                                  Malicious:false
                                                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{3BDCE78A-E13A-477C-912F-30BF15E14235}.tmp

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):134280
                                                                  Entropy (8bit):4.451818043202773
                                                                  Encrypted:false
                                                                  SSDEEP:3072:/kePQPGFkeBb4brb6GR3RbCF23GwhvrmYFYB:/uEYFYB
                                                                  MD5:7BC910B5979A97782D64CC7BBF7D1E96
                                                                  SHA1:6BCC74C0EF5343EDD899EB7B112A50DC8A835A49
                                                                  SHA-256:E76EDDB47689FA0E847C1EB800876850CA2D9EB7D99AA2A611B400647370B3E6
                                                                  SHA-512:1EDC1523B1403B9DF4971607F0A5C7B1EE26DD18B6D8BE23D64B1F737E5F2170D71999D4A25FD4EFA6DDDDE8B00CE158E201A265AE4B31BF29C2DED7CD7EA6DD
                                                                  Malicious:false
                                                                  Preview:............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................v...j...p...r...x...z...|...~...............\...^...`...b...d....................................................................................................................................................................................................................................................$..d....a$.....$..$.If....:V.......t.....6......4........4........a.........$..d....a$.*...$..$.If........!v..h.#v....:V.......t.....6......5.......4........4........a....

                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{40EB1373-6D79-4241-B33A-58BDB84C56D8}.tmp

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):1024
                                                                  Entropy (8bit):0.03351732319703582
                                                                  Encrypted:false
                                                                  SSDEEP:3:ol3lG:40
                                                                  MD5:830FBF83999E052538EAF156AB6ECB17
                                                                  SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                                  SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                                  SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                                  Malicious:false
                                                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{57156375-701B-4CF5-B950-347A2E444BF3}.tmp

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):1024
                                                                  Entropy (8bit):0.03351732319703582
                                                                  Encrypted:false
                                                                  SSDEEP:3:ol3lG:40
                                                                  MD5:830FBF83999E052538EAF156AB6ECB17
                                                                  SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                                  SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                                  SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                                  Malicious:false
                                                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{6FC07418-E9AC-4DB6-BFAD-C0422C38DDB4}.tmp

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):1024
                                                                  Entropy (8bit):0.03351732319703582
                                                                  Encrypted:false
                                                                  SSDEEP:3:ol3lG:40
                                                                  MD5:830FBF83999E052538EAF156AB6ECB17
                                                                  SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                                  SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                                  SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                                  Malicious:false
                                                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{71F03398-55AF-4494-AD3C-7A251BD2880F}.tmp

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):1024
                                                                  Entropy (8bit):0.4220549436890394
                                                                  Encrypted:false
                                                                  SSDEEP:3:wlHl3lldHzlblXllZrnlPlXllVfblDl3llRD/lY:QY
                                                                  MD5:F3A9354CA467838D4331E9EEC434819E
                                                                  SHA1:57E598A9D675C443D32CD559C99C6DA5AC624CEB
                                                                  SHA-256:5522EF8A8581965CE69C5E4D7210E2DDE46458B69FAB8CDFCF3E77065CDE7AEC
                                                                  SHA-512:2624D27681582C127F7F69E1FA40AF475D7D819FA8463077EE6F83ABD784358AA149D725097BF7DD17E777B0B873CC38AD6D7BE60C5FEC2FE11B03389083D40C
                                                                  Malicious:false
                                                                  Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ ..."...$...&...(...*...,...............................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{7DE55A89-BE9D-4AF8-8CF6-2D5A72D5658F}.tmp

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):1024
                                                                  Entropy (8bit):0.03351732319703582
                                                                  Encrypted:false
                                                                  SSDEEP:3:ol3lG:40
                                                                  MD5:830FBF83999E052538EAF156AB6ECB17
                                                                  SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                                  SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                                  SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                                  Malicious:false
                                                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{930A4EAE-F75E-42F0-B014-FD9810938285}.tmp

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):1024
                                                                  Entropy (8bit):0.03351732319703582
                                                                  Encrypted:false
                                                                  SSDEEP:3:ol3lG:40
                                                                  MD5:830FBF83999E052538EAF156AB6ECB17
                                                                  SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                                  SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                                  SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                                  Malicious:false
                                                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{AC15ACA9-1A59-421D-A0C5-385DC31DDFC0}.tmp

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):7680
                                                                  Entropy (8bit):3.2051691661513724
                                                                  Encrypted:false
                                                                  SSDEEP:48:Z4X/OPSPSe72ubkg85HZsek/eDuLkfeQe63emv9eVeVmubweae0/WeAW3eee/enK:Z4XbOHhw6TjFo7NYD
                                                                  MD5:038A815FAC3D43DB8DC1977F2A288263
                                                                  SHA1:C03E15C0D8EFF036CD9C65CD6D4B000F274E8AFE
                                                                  SHA-256:B6295B386550E6FB4A076B04C78B862B7DA7FC4D11180EF3460EDA6288F9FA25
                                                                  SHA-512:22CEA6BC110D8561BEA05B10C32B6E3D9882321D45E0237ED8E6D944F3EEC5135F37E373357C16C7BA4C8D1B60E5CD48F7834EA463FB25430CD9329610166642
                                                                  Malicious:false
                                                                  Preview:....1.2.....1.....1.2.....1.2.....1.2.....1.2.....1.2.....1.2.....1.2.....1.2.....1.....1.....1.2.....1.2.....1.2.....1.2.....(.....(.....(.....(.....(...f.r.o.n.t.d.e.s.k...f..................................................................................................................................................................................................................................................................................................................................................................................... ..."...(...*...0...2...8...:...@...B...H...J...P...R...V...X...\...^...d...f...l...................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{BA6C7276-BEFF-430A-AD46-7D5863A77C91}.tmp

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):1024
                                                                  Entropy (8bit):0.03351732319703582
                                                                  Encrypted:false
                                                                  SSDEEP:3:ol3lG:40
                                                                  MD5:830FBF83999E052538EAF156AB6ECB17
                                                                  SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                                  SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                                  SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                                  Malicious:false
                                                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{DDA4EBBD-D376-43CA-98D6-716333790B7D}.tmp

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):1024
                                                                  Entropy (8bit):0.03351732319703582
                                                                  Encrypted:false
                                                                  SSDEEP:3:ol3lG:40
                                                                  MD5:830FBF83999E052538EAF156AB6ECB17
                                                                  SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                                  SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                                  SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                                  Malicious:false
                                                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{EF69B62C-E80D-4ED2-AC48-EA3CC96382B0}.tmp

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):1024
                                                                  Entropy (8bit):0.03351732319703582
                                                                  Encrypted:false
                                                                  SSDEEP:3:ol3lG:40
                                                                  MD5:830FBF83999E052538EAF156AB6ECB17
                                                                  SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                                                                  SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                                                                  SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                                                                  Malicious:false
                                                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1728333638048132100_76F91E84-2DD6-4F80-8240-B710B0304744.log

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:ASCII text, with very long lines (28731), with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):20971520
                                                                  Entropy (8bit):0.2360563480323302
                                                                  Encrypted:false
                                                                  SSDEEP:1536:ktcNVqrQ4bTpEDpw3Fq4oQkkow2DoZD24cwhAyjnz8BHj/ovt/ZkFI+45B/w9boZ:f8QqeDpuMcUcBrV0narzvs
                                                                  MD5:AE8E0B05FA0C0C49FC76E8E5CED18251
                                                                  SHA1:32B710B0E938A25E5F4B57A675A95A75DD820F1A
                                                                  SHA-256:F99E61BC0EE8A4D7B072DA17303E0F84C62DBACD92FD6F630AE3498E8541AD2F
                                                                  SHA-512:F227FC55D7F8DC05A07081BCDC0C47A60E71F37FFB0C90C7D4FDA8428E159B153B7B5CF128A8C8B18558E1EB40A56BF14AC7EDF6F1CCDB7A7B1529CA1B2171AE
                                                                  Malicious:false
                                                                  Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/07/2024 20:40:38.299.OUTLOOK (0x1008).0x1188.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":21,"Time":"2024-10-07T20:40:38.299Z","Contract":"Office.System.Activity","Activity.CV":"hB75dtYtgE+CQLcQsDBHRA.4.9","Activity.Duration":14,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...10/07/2024 20:40:38.408.OUTLOOK (0x1008).0x1188.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":23,"Time":"2024-10-07T20:40:38.408Z","Contract":"Office.System.Activity","Activity.CV":"hB75dtYtgE+CQLcQsDBHRA.4.10","Activity.Duration":11929,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorV

                                                                  C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1728333638049013700_76F91E84-2DD6-4F80-8240-B710B0304744.log

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):20971520
                                                                  Entropy (8bit):0.0
                                                                  Encrypted:false
                                                                  SSDEEP:3::
                                                                  MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                                                  SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                                                  SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                                                  SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                                                  Malicious:false
                                                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241007T1640370658-4104.etl

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):98304
                                                                  Entropy (8bit):4.461977671834955
                                                                  Encrypted:false
                                                                  SSDEEP:768:ObPl3LKG98GHJc1m4CT99uB3pdg28JUoWkWJXxfSKutOjfcZDFsW+WlY:u4CJ9uB3pdtXDukjSQ
                                                                  MD5:7685F561A6965DFB8FA22615E7B9F05D
                                                                  SHA1:048DD4D60FE790E40A8C61453A9D8B85AAFDAAC4
                                                                  SHA-256:93F2C9DC9837CFFF80950B85C76B57AF3B6E99CFE7B072123A92F509EDAD3EEC
                                                                  SHA-512:D895857427D96AD31E6A56D3D75A5CC5A3ED0F0254719BAE3756E531C0E97553A6B79BBC3CA8ABC0673E170D15B63CFAF9B365FD0CCBEAB876A3CEBCC9E214A7
                                                                  Malicious:false
                                                                  Preview:............................................................................h..........."..*....................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1..............................................................nV..........."..*............v.2._.O.U.T.L.O.O.K.:.1.0.0.8.:.5.d.3.f.f.f.3.5.7.d.9.2.4.1.1.9.9.5.f.a.3.8.e.a.e.5.2.0.9.c.2.a...C.:.\.U.s.e.r.s.\.F.R.O.N.T.D.~.1.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.0.0.7.T.1.6.4.0.3.7.0.6.5.8.-.4.1.0.4...e.t.l.......P.P.........Zy.*....................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Local\Temp\mso8D52.tmp

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:GIF image data, version 89a, 15 x 15
                                                                  Category:dropped
                                                                  Size (bytes):663
                                                                  Entropy (8bit):5.949125862393289
                                                                  Encrypted:false
                                                                  SSDEEP:12:PlrojAxh4bxdtT/CS3wkxWHMGBJg8E8gKVYQezuYEecp:trPsTTaWKbBCgVqSF
                                                                  MD5:ED3C1C40B68BA4F40DB15529D5443DEC
                                                                  SHA1:831AF99BB64A04617E0A42EA898756F9E0E0BCCA
                                                                  SHA-256:039FE79B74E6D3D561E32D4AF570E6CA70DB6BB3718395BE2BF278B9E601279A
                                                                  SHA-512:C7B765B9AFBB9810B6674DBC5C5064ED96A2682E78D5DFFAB384D81EDBC77D01E0004F230D4207F2B7D89CEE9008D79D5FBADC5CB486DA4BC43293B7AA878041
                                                                  Malicious:false
                                                                  Preview:GIF89a....w..!..MSOFFICE9.0.....sRGB......!..MSOFFICE9.0.....msOPMSOFFICE9.0Dn&P3.!..MSOFFICE9.0.....cmPPJCmp0712.........!.......,....................'..;..b...RQ.xx..................,+................................yy..;..b.........................qp.bb..........uv.ZZ.LL.......xw.jj.NN.A@....zz.mm.^_.........yw........yx.xw.RR.,*.++............................................................................................................................................................................................................8....>.......................4567...=..../0123.....<9:.()*+,-.B.@...."#$%&'....... !............C.?....A;<...HT(..;

                                                                  C:\Users\user\AppData\Local\Temp\prep_ram Files (x86)_Microsoft Office_root_Office16_AugLoop_bundle_js_V8_perf.cache

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):538823
                                                                  Entropy (8bit):5.985761550339009
                                                                  Encrypted:false
                                                                  SSDEEP:6144:HkDOjK5kBk6mPNcf8DcQbU4jreFk7VNAjZhBCaz9nuWoJG:zJk6mPW8DcQbU4skZuBCaMWkG
                                                                  MD5:13067FB5AD8E26454A8FE6CE54CF121E
                                                                  SHA1:DA43A7AC05B99B1825E77060E40CF89D5EEB7DE8
                                                                  SHA-256:814BA9D4D772E3C05761ADF51785939892F99CBA92791C8CCBA2CD70B369FEBA
                                                                  SHA-512:CC5182F935185D9FA67C8E93DC8D8A54F2A106698E58F6EDD115B0100D9298AEAAEF2AB54A0809A897D8426AFEC0A8D3590437DA6059408234F947C197AAF24E
                                                                  Malicious:false
                                                                  Preview:RNWPREP...A..<.l.........8..........._....M..0...EM..Z=..g...]>.@...P.Q.....uY|l8.......$S.,..`......L`.....$S...`VY.....L`.....M.Rb.................c.@........... ...D..Qb........eh..`......Qb..$.....gS..`.....D..Qb...2....er..`V.....Qb.......bA..`.....D..Qb*@.....rl..`@....D..Qb6..)....JA..`......Qb:......go..`.....D..QbB.......So..`......QbF.......Lg..`......D..Qbv@......db..`.....D..Qb~.).....Pa..`^....D..Qb.@......LA..`v....D..Qb........Si..`v....D..Qb..;l....$y..`.....D..Qb...f....Am..`N....D..Qb.@......Pr..`.....D..Qb.^....zA..`.....D..1.`.....D..Qb...5....dk..`.....D..Qb..6h....Ur..`......Qb.A......hn..`N.....Qb.AC.....Ug..`.....D..Qb2..D....Ze..`.....D..QbBA.R....Fa..`F.....QbFA.>....tk..`......QbF.......ak..`.....D..QbR.......td..`.....D..QbZ.......$A..`.....D..Qbj.......zu..`......Qbn.H.....mg..`......Qbn.U.....Sr..`.....D..Qb~A.*....Ts..`.....D..Qb...L....ny..`......Qb...2....jc..`8....D..Qb.A\L....Ed..`*....D..Qb...>....Mo..`D....D..Qb.A......Lp..`H....D..Qb..3....

                                                                  C:\Users\user\AppData\Local\Temp\~DF07B64AE13904C277.TMP

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):163840
                                                                  Entropy (8bit):0.44548802193447934
                                                                  Encrypted:false
                                                                  SSDEEP:192:hbDzCuiRLfJRY2stLiWskwMSSs5MdaZ4em5fUl18ADqMNgiXHWLOoqAbAW+Nh/:RPCJ0Ukbds594emxUsGqriXHboqM
                                                                  MD5:D5D9DE451E192CB9392145BEE583166B
                                                                  SHA1:36EC8592A1B0F0DC9F76453A31B513262076A260
                                                                  SHA-256:BDF03D5D10122300A513986156A548D990D076C1D7EB2C0DECEA2DBA13878766
                                                                  SHA-512:F5D41CA17061B56F0F5DF3271AC14A232422130B5166CE53268E05AE7715ABC3F265226A82BD3C8BE992D259EDC12825118F3D90E9DC0EDBE2A71A4A1952CC6E
                                                                  Malicious:false
                                                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):30
                                                                  Entropy (8bit):1.2389205950315936
                                                                  Encrypted:false
                                                                  SSDEEP:3:Hvnlj:
                                                                  MD5:F8923D5A2ABFDA7E2D94A616642FB1D5
                                                                  SHA1:EAD56C5335F4DB38691F775D63470C3882AEB899
                                                                  SHA-256:B88E8E630931065E54EF3A420DCCAB30FD61E65A4EA8E8FE0F863DCC5F098A24
                                                                  SHA-512:92B5002E43EC82AEF3E7847EF087F4E61A942BDF07F284FDBD83492CD467E2A49B77731583780AFAB419CFF7437E2872F4EDAB5661C993015C97A9EFA03AD8F4
                                                                  Malicious:false
                                                                  Preview:..............................

                                                                  C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                  Category:dropped
                                                                  Size (bytes):16384
                                                                  Entropy (8bit):0.6695960515798478
                                                                  Encrypted:false
                                                                  SSDEEP:12:rl3baF69VqLKeTy2MyheC8T23BMyhe+S7wzQP9zNMyhe+S7xMyheC8:rUmnq1Py9618
                                                                  MD5:89C5A16CA1035FE010BB366BCC0E8DB2
                                                                  SHA1:CD0518AD55CDEF2D8B22119C2155A1BE5C7889F2
                                                                  SHA-256:437DAF6B1A775A0B5A1B63492B2922EE6D8D139F5DCCAF8DA068CC96F7FDC2E5
                                                                  SHA-512:9D6820A44D8C4D9E4D85966D3461567B3130DD4D57AA3BB3CA0BC124A2CF71C3901FA80DB0D14A51477B9F6F7A01B8AF97B9354A8FF03A3143C93D464AE74D11
                                                                  Malicious:false
                                                                  Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                  Category:dropped
                                                                  Size (bytes):24
                                                                  Entropy (8bit):2.9993896755123957
                                                                  Encrypted:false
                                                                  SSDEEP:3:QDOLRMlW8Gn:Q6VMlW8G
                                                                  MD5:01FBC8EAAB7AC6E4BAE9C8BFF8577681
                                                                  SHA1:230A2E20F1CAFBEDDE01063CBA0FB40C81D1C966
                                                                  SHA-256:867B47C3C977F07C1905B3FBC883983FDF02E7F389AE7FA999B3CFCA7F5A2867
                                                                  SHA-512:AB1021D58DB2E32AA2137E399594609C65BD08D9A25FDDCD3E7028FF8989B6F42725C07CB443645D7916B2740989A83237359C242883E1EFC6E05E3FA989CABD
                                                                  Malicious:false
                                                                  Preview:..f.r.o.n.t.d.e.s.k.....

                                                                  C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:Microsoft Outlook email folder (>=2003)
                                                                  Category:dropped
                                                                  Size (bytes):271360
                                                                  Entropy (8bit):1.6984373815341276
                                                                  Encrypted:false
                                                                  SSDEEP:1536:dUV82kM5GdmvffV0xRX0KeiVFBW53jEp+HP4qQ10PAwr:vMgdUfNEEKeiVhpb
                                                                  MD5:282C85282EE56B2062FF1019A91EA0BD
                                                                  SHA1:142FDA9216AF37FB6B13E1EEF986989BB6F2E38A
                                                                  SHA-256:507CFEF381736867A76F06092C4467481556A884AB24E018BC8A7AF588E54EBD
                                                                  SHA-512:7D17CB9E2A5DFDBEA8D10B64202CBEC6AD96D8604AE2FB50709F6601FB999336FE3AB43167BCDD58A039DB74FC1F90B61B0EC3838300CB86A5844775B4DEBDF3
                                                                  Malicious:false
                                                                  Preview:!BDN~.(7SM......\...9...........7......._................@...........@...@...................................@...........................................................................$.......D......................2...............6.....................................................................................................................................................................................................................................................................................................cLH.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

                                                                  Download File
                                                                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):131072
                                                                  Entropy (8bit):0.8896925914430315
                                                                  Encrypted:false
                                                                  SSDEEP:384:zkEaDABp/igVxjTIBwZ/MHo3eDmEp+HP4qQ10IsXHwwrb6qHlrdp:PalKTIBW53amEp+HP4qQ10PAwrnl
                                                                  MD5:116AE3B9561BAA876FB2B9D27647DAB0
                                                                  SHA1:C839FF141BB2A8A6FF0572A405F86A835EEB8829
                                                                  SHA-256:48BEB2ADA8D204FD3FBB127EECFDEB51CB7FAC230A20D5EA9FAFE4661194B7E6
                                                                  SHA-512:6DAC37C3215002F82FCC75C29ACFC843186118BA23B58F3A3ABF2A7C7ED3799C9CF98626B604DFA1579691CF4DA9A462393D7A27A63A713C03566C08CFE7109E
                                                                  Malicious:false
                                                                  Preview:..M.0...Z.............(.........D............#...\...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................]&.D......=I..0...[.............(.........B............#.........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                  Static File Info

                                                                  General

                                                                  File type:CDFV2 Microsoft Outlook Message
                                                                  Entropy (8bit):4.564013371060024
                                                                  TrID:
                                                                  • Outlook Message (71009/1) 58.92%
                                                                  • Outlook Form Template (41509/1) 34.44%
                                                                  • Generic OLE2 / Multistream Compound File (8008/1) 6.64%
                                                                  File name:_READY__FOR__THE__UNEXPECTED__THIS__KIT__HAS__YOU__COVERED! _9zfW5NM.msg
                                                                  File size:267'776 bytes
                                                                  MD5:40976773cd1e7dffff359440504ad7ad
                                                                  SHA1:11c7f8f80152d67bef5274f3874a9bcc9472b37d
                                                                  SHA256:666e5d6b72eb2ed02ce466bd0fcba3eb91eb2804d0699c03267c26446b5c8c46
                                                                  SHA512:3463d947562d5e4ed339c88a63c5705ccffdcd16d6f9cadf8d2266c421274df45d5a19a96214d2b44159ba53bdf4f73996db0923d81ab26262d5e1ed30492f4e
                                                                  SSDEEP:3072:xvX030P69vQebzPzF1eObFbyb1xVIuFtnawTMrTwKEYfDte8jbHObkmbBAZIBrNj:1XE0PywKE7pEm2qBHo
                                                                  TLSH:B94410182AEE1119F3B3AF354BE250AB8927FD626D39955E2095270E0B73D40DC61F3B
                                                                  File Content Preview:........................>.......................................................Z.......M......................................................................................................................................................................

                                                                  Static Mail

                                                                  General

                                                                  Subject:**_READY__FOR__THE__UNEXPECTED?__*THIS__KIT__HAS__YOU__COVERED!** _9zfW5NM
                                                                  From:"*SURVIVAL.Kit[TRACTOR.SUPPLY] _zTd" <cconrad-S28577@outlook.com.au>
                                                                  To:"xX.8CUcconrad" <cconrad@markham.ca>
                                                                  Cc:"xX.kI9cconrad" <S45458@calvertnet.k12.md.us>
                                                                  BCC:"xX.kI9cconrad" <S45458@calvertnet.k12.md.us>
                                                                  Date:Fri, 04 Oct 2024 19:03:19 +0200
                                                                  Communications:
                                                                  • CAUTION: This email originated from a source outside the City of Markham. DO NOT CLICK on any links or attachments, or reply unless you recognize the sender and know the content is safe. be__prepared__for__anything: **your__ultimate__survival__kit__here!** <https://8x1p840npode.blob.core.windows.net/8x1p840npode/1.htm#14;kSx7yh2OMqJmt2dxYbd|392;16566|1270;172837;27525> <https://8x1p840npode.blob.core.windows.net/8x1p840npode/1.htm#14;kSx7yh2OMqJmt2dxYbd|392;16566|1270;172837;27525> If you no longer wish to receive these emails, you may unsubscribe <https://8x1p840npode.blob.core.windows.net/8x1p840npode/2.htm#14;kSx7yh2OMqJmt2dxYbd|392;16566|1270;172837;27525> . The Border Patrol agents in the Swanton sector ??? which includes more than 200 miles of land border between Maine and the St. Lawrence River in New York ??? apprehended... &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; &hlk; <https://stcblink.em.sailthru.com/img/g4ptkoosstfmkpctzp1gib2elzviy.5hv2/279ece35.gif> If you are having trouble viewing this email, click here <https://stcblink.em.sailthru.com/view/g4ptkoosstfmkpctzp1gib2elzviy.5hv2/fb8d9a40> . <https://t.em.sailthru.com/1/e/a.gif?aqet=emo&img=true&r=7&ca=58396454&v0=S45458@calvertnet.k12.md.us&uu=g4ptkoosstfmkpctzp1gib2e> <https://stcblink.em.sailthru.com/click/58396454.256430/tFpRrqANIPiOlkBTcG9zdC5jb20vMS9lL3I_YXFldD1jbGsmcj00JmNhPTM2OTQ1NzU0JnYwPWVsZmFob3VsYWRpbCU0MHlhaG9vLmNvbSZ1dT02NmU0OGYwMDcxZjYwOTYxZmYwMTA0ZTEmcnU9aHR0cDovL255cG9zdC5jb20vPyZ1dG1fY2FtcGFpZ249bmV3c19hbGVydCZ1dG1fc291cmNlPXNhaWx0aHJ1JnV0bV9tZWRpdW09ZW1haWwmdXRtX2NvbnRlbnQ9MjAyNDEwMDMmbGN0Zz02NmU0OGYwMDcxZjYwOTYxZmYwMTA0ZTE/g4ptkoosstfmkpctzp1gib2eB7e17c9f0> <https://stcblink.em.sailthru.com/click/58396454.256430/tFpRrqANIPiOlkBTcG9zdC5jb20vMS9lL3I_YXFldD1jbGsmcj00JmNhPTM2OTQ1NzU0JnYwPWVsZmFob3VsYWRpbCU0MHlhaG9vLmNvbSZ1dT02NmU0OGYwMDcxZjYwOTYxZmYwMTA0ZTEmcnU9aHR0cHM6Ly93d3cuZmFjZWJvb2suY29tL05ZUG9zdC8_JnV0bV9jYW1wYWlnbj1uZXdzX2FsZXJ0JnV0bV9zb3VyY2U9c2FpbHRocnUmdXRtX21lZGl1bT1lbWFpbCZ1dG1fY29udGVudD0yMDI0MTAwMyZsY3RnPTY2ZTQ4ZjAwNzFmNjA5NjFmZjAxMDRlMQ/g4ptkoosstfmkpctzp1gib2eB5ed39191> <https://stcblink.em.sailthru.com/click/58396454.256430/tFpRrqANIPiOlkBTcG9zdC5jb20vMS9lL3I_YXFldD1jbGsmcj00JmNhPTM2OTQ1NzU0JnYwPWVsZmFob3VsYWRpbCU0MHlhaG9vLmNvbSZ1dT02NmU0OGYwMDcxZjYwOTYxZmYwMTA0ZTEmcnU9aHR0cHM6Ly90d2l0dGVyLmNvbS9ueXBvc3QvPyZ1dG1fY2FtcGFpZ249bmV3c19hbGVydCZ1dG1fc291cmNlPXNhaWx0aHJ1JnV0bV9tZWRpdW09ZW1haWwmdXRtX2NvbnRlbnQ9MjAyNDEwMDMmbGN0Zz02NmU0OGYwMDcxZjYwOTYxZmYwMTA0ZTE/g4ptkoosstfmkpctzp1gib2eB03e41784> <https://stcblink.em.sailthru.com/click/58396454.256430/tFpRrqANIPiOlkBTcG9zdC5jb20vMS9lL3I_YXFldD1jbGsmcj00JmNhPTM2OTQ1NzU0JnYwPWVsZmFob3VsYWRpbCU0MHlhaG9vLmNvbSZ1dT02NmU0OGYwMDcxZjYwOTYxZmYwMTA0ZTEmcnU9aHR0cHM6Ly93d3cuaW5zdGFncmFtLmNvbS9ueXBvc3QvPyZ1dG1fY2FtcGFpZ249bmV3c19hbGVydCZ1dG1fc291cmNlPXNhaWx0aHJ1JnV0bV9tZWRpdW09ZW1haWwmdXRtX2NvbnRlbnQ9MjAyNDEwMDMmbGN0Zz02NmU0OGYwMDcxZjYwOTYxZmYwMTA0ZTE/g4ptkoosstfmkpctzp1gib2eBa838d59e> <https://stcblink.em.sailthru.com/click/58396454.256430/tFpRrqANIPiOlkBTcG9zdC5jb20vMS9lL3I_YXFldD1jbGsmcj00JmNhPTM2OTQ1NzU0JnYwPWVsZmFob3VsYWRpbCU0MHlhaG9vLmNvbSZ1dT02NmU0OGYwMDcxZjYwOTYxZmYwMTA0ZTEmcnU9aHR0cDovL255cG9zdC5jb20vPyZ1dG1fY2FtcGFpZ249bmV3c19hbGVydCZ1dG1fc291cmNlPXNhaWx0aHJ1JnV0bV9tZWRpdW09ZW1haWwmdXRtX2NvbnRlbnQ9MjAyNDEwMDMmbGN0Zz02NmU0OGYwMDcxZjYwOTYxZmYwMTA0ZTE/g4ptkoosstfmkpctzp1gib2eC7e17c9f0> OCTOBER 3, 2024 Illegal migrant crossings skyrocket 50-fold under Biden-Harris admin at northern border stretch that includes New York <https://stcblink.em.sailthru.com/click/58396454.256430/tFpRrqANIPiOlkBTcG9zdC5jb20vMS9lL3I_YXFldD1jbGsmcj00JmNhPTM2OTQ1NzU0JnYwPWVsZmFob3VsYWRpbCU0MHlhaG9vLmNvbSZ1dT02NmU0OGYwMDcxZjYwOTYxZmYwMTA0ZTEmcnU9aHR0cHM6Ly9ueXBvc3QuY29tLzIwMjQvMTAvMDMvdXMtbmV3cy9ub3J0aGVybi1pbGxlZ2FsLWJvcmRlci1jcm9zc2luZ3MtdXAtNTAtZm9sZC11bmRlci1iaWRlbi1hZG1pbi8_dXRtX3NvdXJjZSUzRHNhaWx0aHJ1JnV0bV9tZWRpdW09ZW1haWwmdXRtX2NhbXBhaWduPW5ld3NfYWxlcnQmdXRtX2NvbnRlbnQ9MjAyNDEwMDM_JnV0bV9zb3VyY2U9c2FpbHRocnUmbGN0Zz02NmU0OGYwMDcxZjYwOTYxZmYwMTA0ZTE/g4ptkoosstfmkpctzp1gib2eB24c373c1> ?? The Border Patrol agents in the Swanton sector ??? which includes more than 200 miles of land border between Maine and the St. Lawrence River in New York ??? apprehended... <https://stcblink.em.sailthru.com/click/58396454.256430/tFpRrqANIPiOlkBTcG9zdC5jb20vMS9lL3I_YXFldD1jbGsmcj00JmNhPTM2OTQ1NzU0JnYwPWVsZmFob3VsYWRpbCU0MHlhaG9vLmNvbSZ1dT02NmU0OGYwMDcxZjYwOTYxZmYwMTA0ZTEmcnU9aHR0cHM6Ly9ueXBvc3QuY29tLzIwMjQvMTAvMDMvdXMtbmV3cy9ub3J0aGVybi1pbGxlZ2FsLWJvcmRlci1jcm9zc2luZ3MtdXAtNTAtZm9sZC11bmRlci1iaWRlbi1hZG1pbi8_dXRtX3NvdXJjZSUzRHNhaWx0aHJ1JnV0bV9tZWRpdW09ZW1haWwmdXRtX2NhbXBhaWduPW5ld3NfYWxlcnQmdXRtX2NvbnRlbnQ9MjAyNDEwMDM_JnV0bV9zb3VyY2U9c2FpbHRocnUmbGN0Zz02NmU0OGYwMDcxZjYwOTYxZmYwMTA0ZTE/g4ptkoosstfmkpctzp1gib2eC24c373c1> Read More <https://stcblink.em.sailthru.com/click/58396454.256430/tFpRrqANIPiOlkBTcG9zdC5jb20vMS9lL3I_YXFldD1jbGsmcj00JmNhPTM2OTQ1NzU0JnYwPWVsZmFob3VsYWRpbCU0MHlhaG9vLmNvbSZ1dT02NmU0OGYwMDcxZjYwOTYxZmYwMTA0ZTEmcnU9aHR0cHM6Ly9ueXBvc3QuY29tLzIwMjQvMTAvMDMvdXMtbmV3cy9ub3J0aGVybi1pbGxlZ2FsLWJvcmRlci1jcm9zc2luZ3MtdXAtNTAtZm9sZC11bmRlci1iaWRlbi1hZG1pbi8_dXRtX3NvdXJjZSUzRHNhaWx0aHJ1JnV0bV9tZWRpdW09ZW1haWwmdXRtX2NhbXBhaWduPW5ld3NfYWxlcnQmdXRtX2NvbnRlbnQ9MjAyNDEwMDM_JnV0bV9zb3VyY2U9c2FpbHRocnUmbGN0Zz02NmU0OGYwMDcxZjYwOTYxZmYwMTA0ZTE/g4ptkoosstfmkpctzp1gib2eD24c373c1> Advertisement <https://stcblink.em.sailthru.com/click/58396454.256430/aHR0cHM6Ly9zbGkubnlwb3N0LmNvbS9jbGljaz9zPTIxODkzMyZsaT01NDEwNiZlPWVsZmFob3VsYWRpbCU0MHlhaG9vLmNvbSZwPTM2OTQ1NzU0XzIwMjQxMDAzMTAyOTExJmxjdGc9NjZlNDhmMDA3MWY2MDk2MWZmMDEwNGUxJnV0bV9jYW1wYWlnbj1uZXdzX2FsZXJ0JnV0bV9zb3VyY2U9c2FpbHRocnUmdXRtX21lZGl1bT1lbWFpbCZ1dG1fY29udGVudD0yMDI0MTAwMw/g4ptkoosstfmkpctzp1gib2eBdac5f6fb> <https://stcblink.em.sailthru.com/click/58396454.256430/aHR0cHM6Ly9zbGkubnlwb3N0LmNvbS9jbGljaz9zPTQyMjQwNSZsaT01NDEwNiZlPWVsZmFob3VsYWRpbCU0MHlhaG9vLmNvbSZwPTM2OTQ1NzU0XzIwMjQxMDAzMTAyOTExJmxjdGc9NjZlNDhmMDA3MWY2MDk2MWZmMDEwNGUxJnV0bV9jYW1wYWlnbj1uZXdzX2FsZXJ0JnV0bV9zb3VyY2U9c2FpbHRocnUmdXRtX21lZGl1bT1lbWFpbCZ1dG1fY29udGVudD0yMDI0MTAwMw/g4ptkoosstfmkpctzp1gib2eC1afb5e29> <https://stcblink.em.sailthru.com/click/58396454.256430/aHR0cHM6Ly9zbGkubnlwb3N0LmNvbS9jbGljaz9zPTU1MzQ3NSZsaT01NDEwNiZlPWVsZmFob3VsYWRpbCU0MHlhaG9vLmNvbSZwPTM2OTQ1NzU0XzIwMjQxMDAzMTAyOTExJmxjdGc9NjZlNDhmMDA3MWY2MDk2MWZmMDEwNGUxJnV0bV9jYW1wYWlnbj1uZXdzX2FsZXJ0JnV0bV9zb3VyY2U9c2FpbHRocnUmdXRtX21lZGl1bT1lbWFpbCZ1dG1fY29udGVudD0yMDI0MTAwMw/g4ptkoosstfmkpctzp1gib2eDffe93fb9> <https://sli.em.sailthru.com/imp?s=371255790&li=54106&e=S45458@calvertnet.k12.md.us&p=58396454_95206892584573&lctg=g4ptkoosstfmkpctzp1gib2e> <https://sli.em.sailthru.com/imp?s=371255791&li=54106&e=S45458@calvertnet.k12.md.us&p=58396454_95206892584573&lctg=g4ptkoosstfmkpctzp1gib2e> <https://sli.em.sailthru.com/imp?s=371255792&li=54106&e=S45458@calvertnet.k12.md.us&p=58396454_95206892584573&lctg=g4ptkoosstfmkpctzp1gib2e> <https://sli.em.sailthru.com/imp?s=371255793&li=54106&e=S45458@calvertnet.k12.md.us&p=58396454_95206892584573&lctg=g4ptkoosstfmkpctzp1gib2e> <https://sli.em.sailthru.com/imp?s=371255794&li=54106&e=S45458@calvertnet.k12.md.us&p=58396454_95206892584573&lctg=g4ptkoosstfmkpctzp1gib2e> <https://sli.em.sailthru.com/imp?s=371255795&li=54106&e=S45458@calvertnet.k12.md.us&p=58396454_95206892584573&lctg=g4ptkoosstfmkpctzp1gib2e> <https://sli.em.sailthru.com/imp?s=371255796&li=54106&e=S45458@calvertnet.k12.md.us&p=58396454_95206892584573&lctg=g4ptkoosstfmkpctzp1gib2e> <https://sli.em.sailthru.com/imp?s=371255797&li=54106&e=S45458@calvertnet.k12.md.us&p=58396454_95206892584573&lctg=g4ptkoosstfmkpctzp1gib2e> <https://sli.em.sailthru.com/imp?s=371255798&li=54106&e=S45458@calvertnet.k12.md.us&p=58396454_95206892584573&lctg=g4ptkoosstfmkpctzp1gib2e> <https://sli.em.sailthru.com/imp?s=371255799&li=54106&e=S45458@calvertnet.k12.md.us&p=58396454_95206892584573&lctg=g4ptkoosstfmkpctzp1gib2e> <https://sli.em.sailthru.com/imp?s=791710910&li=54106&e=S45458@calvertnet.k12.md.us&p=58396454_95206892584573&lctg=g4ptkoosstfmkpctzp1gib2e> <https://sli.em.sailthru.com/imp?s=791710911&li=54106&e=S45458@calvertnet.k12.md.us&p=58396454_95206892584573&lctg=g4ptkoosstfmkpctzp1gib2e> <https://sli.em.sailthru.com/imp?s=791710912&li=54106&e=S45458@calvertnet.k12.md.us&p=58396454_95206892584573&lctg=g4ptkoosstfmkpctzp1gib2e> <https://sli.em.sailthru.com/imp?s=791710913&li=54106&e=S45458@calvertnet.k12.md.us&p=58396454_95206892584573&lctg=g4ptkoosstfmkpctzp1gib2e> <https://sli.em.sailthru.com/imp?s=791710914&li=54106&e=S45458@calvertnet.k12.md.us&p=58396454_95206892584573&lctg=g4ptkoosstfmkpctzp1gib2e> <https://sli.em.sailthru.com/imp?s=791710915&li=54106&e=S45458@calvertnet.k12.md.us&p=58396454_95206892584573&lctg=g4ptkoosstfmkpctzp1gib2e> <https://sli.em.sailthru.com/imp?s=791710916&li=54106&e=S45458@calvertnet.k12.md.us&p=58396454_95206892584573&lctg=g4ptkoosstfmkpctzp1gib2e> <https://sli.em.sailthru.com/imp?s=791710917&li=54106&e=S45458@calvertnet.k12.md.us&p=58396454_95206892584573&lctg=g4ptkoosstfmkpctzp1gib2e> <https://sli.em.sailthru.com/imp?s=791710918&li=54106&e=S45458@calvertnet.k12.md.us&p=58396454_95206892584573&lctg=g4ptkoosstfmkpctzp1gib2e> <https://sli.em.sailthru.com/imp?s=791710919&li=54106&e=S45458@calvertnet.k12.md.us&p=58396454_95206892584573&lctg=g4ptkoosstfmkpctzp1gib2e> The email address for your subscription is S45458@calvertnet.k12.md.us <mailto:S45458@calvertnet.k12.md.us> Manage Email Preferences <https://stcblink.em.sailthru.com/manage/6uu/preferences--nyp?email=S45458@calvertnet.k12.md.us> For more New York Post, download the New York Post App: <https://stcblink.em.sailthru.com/click/58396454.256430/tFpRrqANIPiOlkBTcG9zdC5jb20vMS9lL3I_YXFldD1jbGsmcj00JmNhPTM2OTQ1NzU0JnYwPWVsZmFob3VsYWRpbCU0MHlhaG9vLmNvbSZ1dT02NmU0OGYwMDcxZjYwOTYxZmYwMTA0ZTEmcnU9aHR0cHM6Ly9hcHAuYWRqdXN0LmNvbS9mNGNsa3RuX24xMHlhanM_Y2FtcGFpZ24lM0RicmVha2luZyZmYWxsYmFjaz1odHRwczovL255cG9zdC5jb20vbW9iaWxlLWFwcHMvJnV0bV9jYW1wYWlnbj1uZXdzX2FsZXJ0JnV0bV9zb3VyY2U9c2FpbHRocnUmdXRtX21lZGl1bT1lbWFpbCZ1dG1fY29udGVudD0yMDI0MTAwMyZsY3RnPTY2ZTQ4ZjAwNzFmNjA5NjFmZjAxMDRlMQ/g4ptkoosstfmkpctzp1gib2eBe1c09691> <https://stcblink.em.sailthru.com/click/58396454.256430/tFpRrqANIPiOlkBTcG9zdC5jb20vMS9lL3I_YXFldD1jbGsmcj00JmNhPTM2OTQ1NzU0JnYwPWVsZmFob3VsYWRpbCU0MHlhaG9vLmNvbSZ1dT02NmU0OGYwMDcxZjYwOTYxZmYwMTA0ZTEmcnU9aHR0cHM6Ly9hcHAuYWRqdXN0LmNvbS9mNGNsa3RuX24xMHlhanM_Y2FtcGFpZ24lM0RicmVha2luZyZmYWxsYmFjaz1odHRwczovL255cG9zdC5jb20vbW9iaWxlLWFwcHMvJnV0bV9jYW1wYWlnbj1uZXdzX2FsZXJ0JnV0bV9zb3VyY2U9c2FpbHRocnUmdXRtX21lZGl1bT1lbWFpbCZ1dG1fY29udGVudD0yMDI0MTAwMyZsY3RnPTY2ZTQ4ZjAwNzFmNjA5NjFmZjAxMDRlMQ/g4ptkoosstfmkpctzp1gib2eCe1c09691> Follow us on: <https://stcblink.em.sailthru.com/click/58396454.256430/tFpRrqANIPiOlkBTcG9zdC5jb20vMS9lL3I_YXFldD1jbGsmcj00JmNhPTM2OTQ1NzU0JnYwPWVsZmFob3VsYWRpbCU0MHlhaG9vLmNvbSZ1dT02NmU0OGYwMDcxZjYwOTYxZmYwMTA0ZTEmcnU9aHR0cHM6Ly93d3cuZmFjZWJvb2suY29tL255cG9zdC8_JnV0bV9jYW1wYWlnbj1uZXdzX2FsZXJ0JnV0bV9zb3VyY2U9c2FpbHRocnUmdXRtX21lZGl1bT1lbWFpbCZ1dG1fY29udGVudD0yMDI0MTAwMyZsY3RnPTY2ZTQ4ZjAwNzFmNjA5NjFmZjAxMDRlMQ/g4ptkoosstfmkpctzp1gib2eB77833a8f> <https://stcblink.em.sailthru.com/click/58396454.256430/tFpRrqANIPiOlkBTcG9zdC5jb20vMS9lL3I_YXFldD1jbGsmcj00JmNhPTM2OTQ1NzU0JnYwPWVsZmFob3VsYWRpbCU0MHlhaG9vLmNvbSZ1dT02NmU0OGYwMDcxZjYwOTYxZmYwMTA0ZTEmcnU9aHR0cHM6Ly90d2l0dGVyLmNvbS9ueXBvc3Q_JnV0bV9jYW1wYWlnbj1uZXdzX2FsZXJ0JnV0bV9zb3VyY2U9c2FpbHRocnUmdXRtX21lZGl1bT1lbWFpbCZ1dG1fY29udGVudD0yMDI0MTAwMyZsY3RnPTY2ZTQ4ZjAwNzFmNjA5NjFmZjAxMDRlMQ/g4ptkoosstfmkpctzp1gib2eB7c464b63> <https://stcblink.em.sailthru.com/click/58396454.256430/tFpRrqANIPiOlkBTcG9zdC5jb20vMS9lL3I_YXFldD1jbGsmcj00JmNhPTM2OTQ1NzU0JnYwPWVsZmFob3VsYWRpbCU0MHlhaG9vLmNvbSZ1dT02NmU0OGYwMDcxZjYwOTYxZmYwMTA0ZTEmcnU9aHR0cHM6Ly93d3cuaW5zdGFncmFtLmNvbS9ueXBvc3QvPyZ1dG1fY2FtcGFpZ249bmV3c19hbGVydCZ1dG1fc291cmNlPXNhaWx0aHJ1JnV0bV9tZWRpdW09ZW1haWwmdXRtX2NvbnRlbnQ9MjAyNDEwMDMmbGN0Zz02NmU0OGYwMDcxZjYwOTYxZmYwMTA0ZTE/g4ptkoosstfmkpctzp1gib2eCa838d59e> <https://stcblink.em.sailthru.com/click/58396454.256430/tFpRrqANIPiOlkBTcG9zdC5jb20vMS9lL3I_YXFldD1jbGsmcj00JmNhPTM2OTQ1NzU0JnYwPWVsZmFob3VsYWRpbCU0MHlhaG9vLmNvbSZ1dT02NmU0OGYwMDcxZjYwOTYxZmYwMTA0ZTEmcnU9aHR0cHM6Ly93d3cubGlua2VkaW4uY29tL2NvbXBhbnkvbmV3LXlvcmstcG9zdD8mdXRtX2NhbXBhaWduPW5ld3NfYWxlcnQmdXRtX3NvdXJjZT1zYWlsdGhydSZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9jb250ZW50PTIwMjQxMDAzJmxjdGc9NjZlNDhmMDA3MWY2MDk2MWZmMDEwNGUx/g4ptkoosstfmkpctzp1gib2eB911c55ea> <https://stcblink.em.sailthru.com/click/58396454.256430/tFpRrqANIPiOlkBTcG9zdC5jb20vMS9lL3I_YXFldD1jbGsmcj00JmNhPTM2OTQ1NzU0JnYwPWVsZmFob3VsYWRpbCU0MHlhaG9vLmNvbSZ1dT02NmU0OGYwMDcxZjYwOTYxZmYwMTA0ZTEmcnU9aHR0cHM6Ly9lbWFpbC5ueXBvc3QuY29tLz8mdXRtX2NhbXBhaWduPW5ld3NfYWxlcnQmdXRtX3NvdXJjZT1zYWlsdGhydSZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9jb250ZW50PTIwMjQxMDAzJmxjdGc9NjZlNDhmMDA3MWY2MDk2MWZmMDEwNGUx/g4ptkoosstfmkpctzp1gib2eBc4734290> <https://stcblink.em.sailthru.com/click/58396454.256430/tFpRrqANIPiOlkBTcG9zdC5jb20vMS9lL3I_YXFldD1jbGsmcj00JmNhPTM2OTQ1NzU0JnYwPWVsZmFob3VsYWRpbCU0MHlhaG9vLmNvbSZ1dT02NmU0OGYwMDcxZjYwOTYxZmYwMTA0ZTEmcnU9aHR0cHM6Ly93d3cueW91dHViZS5jb20vbnlwb3N0PyZ1dG1fY2FtcGFpZ249bmV3c19hbGVydCZ1dG1fc291cmNlPXNhaWx0aHJ1JnV0bV9tZWRpdW09ZW1haWwmdXRtX2NvbnRlbnQ9MjAyNDEwMDMmbGN0Zz02NmU0OGYwMDcxZjYwOTYxZmYwMTA0ZTE/g4ptkoosstfmkpctzp1gib2eB74196218> New York Post 1211 Avenue of the Americas New York, NY 10036 USA ?? Copyright 2024 NYP Holdings, Inc. All rights reserved Privacy <https://stcblink.em.sailthru.com/click/58396454.256430/tFpRrqANIPiOlkBTcG9zdC5jb20vMS9lL3I_YXFldD1jbGsmcj00JmNhPTM2OTQ1NzU0JnYwPWVsZmFob3VsYWRpbCU0MHlhaG9vLmNvbSZ1dT02NmU0OGYwMDcxZjYwOTYxZmYwMTA0ZTEmcnU9aHR0cDovL255cG9zdC5jb20vcHJpdmFjeS8_JnV0bV9jYW1wYWlnbj1uZXdzX2FsZXJ0JnV0bV9zb3VyY2U9c2FpbHRocnUmdXRtX21lZGl1bT1lbWFpbCZ1dG1fY29udGVudD0yMDI0MTAwMyZsY3RnPTY2ZTQ4ZjAwNzFmNjA5NjFmZjAxMDRlMQ/g4ptkoosstfmkpctzp1gib2eB4f625e86> | Terms of Use <https://stcblink.em.sailthru.com/click/58396454.256430/tFpRrqANIPiOlkBTcG9zdC5jb20vMS9lL3I_YXFldD1jbGsmcj00JmNhPTM2OTQ1NzU0JnYwPWVsZmFob3VsYWRpbCU0MHlhaG9vLmNvbSZ1dT02NmU0OGYwMDcxZjYwOTYxZmYwMTA0ZTEmcnU9aHR0cDovL255cG9zdC5jb20vdGVybXMvPyZ1dG1fY2FtcGFpZ249bmV3c19hbGVydCZ1dG1fc291cmNlPXNhaWx0aHJ1JnV0bV9tZWRpdW09ZW1haWwmdXRtX2NvbnRlbnQ9MjAyNDEwMDMmbGN0Zz02NmU0OGYwMDcxZjYwOTYxZmYwMTA0ZTE/g4ptkoosstfmkpctzp1gib2eB08147a23> | Unsubscribe from All <https://stcblink.em.sailthru.com/oc/g4ptkoosstfmkpctzp1gib2elzviy.5hv2/05fc5d38&brand_param=nypost> u <https://stcblink.em.sailthru.com/oc/g4ptkoosstfmkpctzp1gib2elzviy.5hv2/05fc5d38> Hello Orchestra friends! BY SUNDAY September 22.... If you intend to audition for All State Orchestra, I need you to email me the following information by Sunday at midnight at the VERY latest. Please do your own research if you have further questions first. I have given you all the pertinent information I know at this time. https://www.mdmea.org/all-state-auditionshttps://www.mdmea.org/all-state-auditions 1. Confirmation that you have read and understand what signing up to audition means (time commitments, music difficulty, financial responsibility). This group is extremely competitive. 2. The full name and email of your caregiver (typically a parent) 3. After Mrs. Fraley submits nominations, parents then submit forms and communication moves into the hands of the caregiver. 4. The fee to audition: $20 (this is separate from the fee if selected) 5. If selected, the fee to participate is $525. This includes room and board. I believe we can offset the fee if you are selected... 6. Performance date commitments should you be accepted: * February 21-23, 2025, College Park, MD J unior Orchestra 9th grade * March 7-9, 2025, Baltimore, MD Senior Orchestra 10-12th Important information: * * Audition times will not be released until a week before the audition. * Students auditioning on instruments that have a larger pool of nominations will need to move through multiple rooms for different portions of their audition. * The instruments requiring this process may include, but are not limited to violin, flute, clarinet, and trumpet. * An example would be in Room 1 students will perform the scales, in Room 2 students will perform the first etude, in Room 3 students will perform the second etude. * The exact number of rooms will be communicated to the students when they arrive at the audition. * It is critical that the student be aware of this and make sure to perform in each room for the audition to be completed. * NOTE - the prior practice of preliminary and finals room for some auditions was retired as of the 2023-2024 auditions. * Orchestra Auditions (MODA) Junior Orchestra Auditions (Grades 7-9) * Instruments - Violin, Viola, Cello, String Bass * Audition Nomination - Due September 25, 12pm (noon) * Late Audition Nomination - September 26 to October 2, 12pm (noon) * Audition Registration - October 2 to 16, 12pm (noon) * Late Audition Registration - October 17 to 25, 12pm (noon) * Auditions - Saturday, November 16 * Audition Format - In-person at one (1) location only, no walk-ins allowed * Location - Severna Park High School (Anne Arundel County) <https://www.google.com/maps/place/Severna+Park+High+School/@39.7917109,-76.5618909,16z/data=!3m1!4b1!4m6!3m5!1s0x89b7fbd2acfd6da7:0x3c35875207a63051!8m2!3d39.7917109!4d-76.559316!16zL20vMGMzczd5?entry=ttu> Senior Orchestra Auditions (Grades 10-12) * Instruments - Violin, Viola, Cello, String Bass * Audition Nomination - Due September 25, 12pm (noon) * Late Audition Nomination - September 26 to October 2, 12pm (noon) * Audition Registration - October 2 to 16, 12pm (noon) * Late Audition Registration - October 17 to 25, 12pm (noon) * Auditions - Saturday, November 23 * Audition Format - In-person at one (1) location only, no walk-ins allowed Location - Severna Park High School (Anne Arundel County) <https://www.google.com/maps/place/Severna+Park+High+School/@39.7917109,-76.5618909,16z/data=!3m1!4b1!4m6!3m5!1s0x89b7fbd2acfd6da7:0x3c35875207a63051!8m2!3d39.7917109!4d-76.559316!16zL20vMGMzczd5?entry=ttu> The contents of this email and any attachments are intended solely for the use of the named addressee(s) and may contain confidential and/or legally privileged information. Any unauthorized use, copying, disclosure, forwarding, or distribution of the contents of this e-mail is strictly prohibited by the sender and may be unlawful. If you are not the intended recipient, please notify the sender immediately and delete this e-mail.
                                                                  Attachments:

                                                                    Headers

                                                                    Key Value
                                                                    Receivedfrom qHlzwScQjme (unknown)
                                                                    1704:07 +0000
                                                                    ARC-Seali=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
                                                                    ARC-Message-Signaturei=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
                                                                    h=FromDate:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
                                                                    ARC-Authentication-Resultsi=1; mx.microsoft.com 1; spf=pass (sender ip is
                                                                    (260310a6:600:2ac::6) with Microsoft SMTP Server (version=TLS1_2,
                                                                    2024 1703:20 +0000
                                                                    Transport; Fri, 4 Oct 2024 1703:20 +0000
                                                                    Authentication-Resultsspf=pass (sender IP is 40.107.121.132)
                                                                    Received-SPFPass (protection.outlook.com: domain of
                                                                    15.20.8026.11 via Frontend Transport; Fri, 4 Oct 2024 1703:19 +0000
                                                                    2a01111:f403:718b::c08) smtp.mailfrom=rspcahantsands.onmicrosoft.com;
                                                                    DKIM-Signaturev=1; a=rsa-sha256; c=relaxed/relaxed; d=OUTLOOK.COM.AU;
                                                                    by CWXP123MB3893.GBRP123.PROD.OUTLOOK.COM (260310a6:400:ad::10) with
                                                                    X-MS-Exchange-Authentication-Resultsspf=pass (sender IP is
                                                                    rspcahantsands.onmicrosoft.com designates 2a01111:f403:718b::c08 as
                                                                    client-ip=2a01111:f403:718b::c08;
                                                                    Transport; Fri, 04 Oct 2024 1703:19 +0000
                                                                    (ecelerity 3.6.9.2814 r(Core3.6.9.0)) with ECSTREAM
                                                                    id 5A/FD-16792-492DBF66; Fri, 04 Oct 2024 1703:19 +0000
                                                                    2024-10-02 1436:40.228074438 +0000 UTC m=+5553219.081888673
                                                                    Fri, 04 Oct 2024 1703:19 +0000
                                                                    Message-ID<CH0PR07CA00649rVXQEb0000040c@CH0PR07CA0064.calvertnet.k12.md.us>
                                                                    List-Unsubscribe<%%=CONCAT(CloudPagesURL(85), SUBSTRING('?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtaWQiOiI1MTUwMTEwNDgiLCJzIjoiMTM0NjA3NDcwIiwibGlkIjoiMzQwIiwiaiI6IjE1MjU2OSIsImpiIjoiMjI0MzYiLCJkIjoiMTAwMjA5In0.cW6T8NxnpCqYchd9ueoBrvblfUEbdPZDtVIxiwAUqQr>, <mailto:leave-fbfpdj2uygav1tmzmg7x-f0w28r2heqnor6yd5e3cmw-f29m0ra3ak75jeva-fdy5usccpq95p6on53oo1r-f2uukj04xgiaxd@leave.i.em.sailthru.com>
                                                                    DateFri, 04 Oct 2024 17:03:19 +0000
                                                                    Sender"*SURVIVAL.Kit[TRACTOR.SUPPLY] _zTd" <cconrad-S45458P@calvertnet.k12.md.us>
                                                                    Cc"xX.kI9cconrad" <S45458@calvertnet.k12.md.us>
                                                                    MIME-Version1.0
                                                                    Content-Typemultipart/alternative; boundary="2xcstt638ugqffop17uqrwmssfmv875yxnuyg7y49kjauzoug5nxsquue5nn=_?:"
                                                                    From"*SURVIVAL.Kit[TRACTOR.SUPPLY] _zTd" <cconrad-S28577@outlook.com.au>
                                                                    Return-Pathcconrad-S27358P@rspcahantsands.onmicrosoft.com
                                                                    List-Unsubscribe-PostList-Unsubscribe=One-Click
                                                                    Subject**_READY__FOR__THE__UNEXPECTED?__*THIS__KIT__HAS__YOU__COVERED!** _9zfW5NM
                                                                    To"xX.8CUcconrad" <cconrad@markham.ca>
                                                                    X-EOPAttributedMessage1
                                                                    X-MS-Exchange-SkipListedInternetSenderip=[2a01:111:f403:718b::c08];domain=CH0PR07CA0064.outbound.protection.outlook.com
                                                                    X-MS-TrafficTypeDiagnosticLN2PEPF000100CD:EE_|CWXP123MB3893:EE_|QB1PEPF00004E08:EE_|YT2PR01MB5546:EE_|YQBPR0101MB9901:EE_
                                                                    X-MS-Office365-Filtering-Correlation-Id7acb22a4-d6e8-4d5a-0adf-08dce49675b7
                                                                    X-MS-Exchange-SenderADCheck0
                                                                    X-MS-Exchange-AntiSpam-Relay0
                                                                    X-Microsoft-Antispam-UntrustedBCL:0;ARA:13230040|376014|61400799027|36860700013|48200799018|29132699027|7093399012|4022899009|69100299015|82310400026|1032899013;
                                                                    X-Microsoft-Antispam-Message-Info-Original=?us-ascii?Q?Gd8TktGTHLD7zeGzITDqvFFjiseIpLs+j5r94aFVe61LRxjYAQaK1Zuhyzgv?=
                                                                    X-Forefront-Antispam-Report-UntrustedCIP:45.144.48.78;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CH0PR07CA0064.outbound.protection.outlook.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(376014)(61400799027)(36860700013)(48200799018)(29132699027)(7093399012)(4022899009)(69100299015)(82310400026)(1032899013);DIR:OUT;SFP:1102;
                                                                    X-MS-Exchange-Transport-CrossTenantHeadersStampedYT2PR01MB5546
                                                                    X-MS-Exchange-Organization-ExpirationStartTime04 Oct 2024 17:03:25.0925
                                                                    X-MS-Exchange-Organization-ExpirationStartTimeReasonOriginalSubmit
                                                                    X-MS-Exchange-Organization-ExpirationInterval1:00:00:00.0000000
                                                                    X-MS-Exchange-Organization-ExpirationIntervalReasonOriginalSubmit
                                                                    X-MS-Exchange-Organization-Network-Message-Id7acb22a4-d6e8-4d5a-0adf-08dce49675b7
                                                                    X-EOPTenantAttributedMessage0f65dc8a-9589-4971-8749-84de0478ddac:0
                                                                    X-MS-Exchange-Organization-MessageDirectionalityIncoming
                                                                    X-MS-Exchange-Transport-CrossTenantHeadersStrippedQB1PEPF00004E08.CANPRD01.PROD.OUTLOOK.COM
                                                                    X-MS-Exchange-Transport-CrossTenantHeadersPromotedQB1PEPF00004E08.CANPRD01.PROD.OUTLOOK.COM
                                                                    X-MS-PublicTrafficTypeEmail
                                                                    X-MS-Exchange-Organization-AuthSourceQB1PEPF00004E08.CANPRD01.PROD.OUTLOOK.COM
                                                                    X-MS-Exchange-Organization-AuthAsAnonymous
                                                                    X-MS-Office365-Filtering-Correlation-Id-Prvsb2144070-fec8-4e33-7ce0-08dce49672a6
                                                                    X-MS-Exchange-AtpMessagePropertiesSA|SL
                                                                    X-MS-Exchange-Organization-SCL1
                                                                    X-Microsoft-AntispamBCL:0;ARA:13230040|29132699027|47022699003|1032899013|35042699022|4022899009|5073199012|5063199012|4123199012|4073199012|69100299015|7093399012;
                                                                    X-Forefront-Antispam-ReportCIP:40.107.121.132;CTRY:GB;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GBR01-CWX-obe.outbound.protection.outlook.com;PTR:mail-cwxgbr01on2132.outbound.protection.outlook.com;CAT:NONE;SFS:(13230040)(29132699027)(47022699003)(1032899013)(35042699022)(4022899009)(5073199012)(5063199012)(4123199012)(4073199012)(69100299015)(7093399012);DIR:INB;
                                                                    X-MS-Exchange-CrossTenant-OriginalArrivalTime04 Oct 2024 17:03:24.8581
                                                                    X-MS-Exchange-CrossTenant-Network-Message-Id7acb22a4-d6e8-4d5a-0adf-08dce49675b7
                                                                    X-MS-Exchange-CrossTenant-Id0f65dc8a-9589-4971-8749-84de0478ddac
                                                                    X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIpTenantId=05c94a6c-4f02-4796-8847-32e6173d554f;Ip=[45.144.48.78];Helo=[mrk0.com]
                                                                    X-MS-Exchange-CrossTenant-AuthSourceQB1PEPF00004E08.CANPRD01.PROD.OUTLOOK.COM
                                                                    X-MS-Exchange-CrossTenant-AuthAsAnonymous
                                                                    X-MS-Exchange-CrossTenant-FromEntityHeaderInternet
                                                                    X-MS-Exchange-Transport-EndToEndLatency00:00:43.1103149
                                                                    X-MS-Exchange-Processed-By-BccFoldering15.20.8026.016
                                                                    X-Microsoft-Antispam-Mailbox-Deliveryucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003);
                                                                    X-Microsoft-Antispam-Message-Info=?us-ascii?Q?k7XF+Bo/CzuC9IMCfSQeElxffK8ca0bGPdfNgIc+1ZAkl2yoVEa8RzmOq+ym?=
                                                                    dateFri, 04 Oct 2024 19:03:19 +0200

                                                                    File Icon

                                                                    Icon Hash:c4e1928eacb280a2

                                                                    Network Behavior

                                                                    Network Port Distribution

                                                                    UDP Packets

                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                    Oct 7, 2024 22:41:20.550194025 CEST6532853192.168.2.71.1.1.1
                                                                    Oct 7, 2024 22:41:20.561566114 CEST53653281.1.1.1192.168.2.7
                                                                    Oct 7, 2024 22:41:20.593116999 CEST5428553192.168.2.71.1.1.1
                                                                    Oct 7, 2024 22:41:20.604474068 CEST53542851.1.1.1192.168.2.7
                                                                    Oct 7, 2024 22:41:20.872878075 CEST5491653192.168.2.71.1.1.1
                                                                    Oct 7, 2024 22:41:20.884582043 CEST53549161.1.1.1192.168.2.7
                                                                    Oct 7, 2024 22:41:20.900475025 CEST5397753192.168.2.71.1.1.1
                                                                    Oct 7, 2024 22:41:20.912282944 CEST53539771.1.1.1192.168.2.7
                                                                    Oct 7, 2024 22:41:23.171024084 CEST4984653192.168.2.71.1.1.1

                                                                    DNS Queries

                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                    Oct 7, 2024 22:41:20.550194025 CEST192.168.2.71.1.1.10x8027Standard query (0)media.em.sailthru.comA (IP address)IN (0x0001)false
                                                                    Oct 7, 2024 22:41:20.593116999 CEST192.168.2.71.1.1.10xbfe0Standard query (0)sli.em.sailthru.comA (IP address)IN (0x0001)false
                                                                    Oct 7, 2024 22:41:20.872878075 CEST192.168.2.71.1.1.10x985dStandard query (0)t.em.sailthru.comA (IP address)IN (0x0001)false
                                                                    Oct 7, 2024 22:41:20.900475025 CEST192.168.2.71.1.1.10x1b31Standard query (0)stcblink.em.sailthru.comA (IP address)IN (0x0001)false
                                                                    Oct 7, 2024 22:41:23.171024084 CEST192.168.2.71.1.1.10xe4baStandard query (0)augloop.office.comA (IP address)IN (0x0001)false

                                                                    DNS Answers

                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                    Oct 7, 2024 22:41:20.561566114 CEST1.1.1.1192.168.2.70x8027Name error (3)media.em.sailthru.comnonenoneA (IP address)IN (0x0001)false
                                                                    Oct 7, 2024 22:41:20.604474068 CEST1.1.1.1192.168.2.70xbfe0Name error (3)sli.em.sailthru.comnonenoneA (IP address)IN (0x0001)false
                                                                    Oct 7, 2024 22:41:20.884582043 CEST1.1.1.1192.168.2.70x985dName error (3)t.em.sailthru.comnonenoneA (IP address)IN (0x0001)false
                                                                    Oct 7, 2024 22:41:20.912282944 CEST1.1.1.1192.168.2.70x1b31Name error (3)stcblink.em.sailthru.comnonenoneA (IP address)IN (0x0001)false
                                                                    Oct 7, 2024 22:41:23.178666115 CEST1.1.1.1192.168.2.70xe4baNo error (0)augloop.office.comaugloop-prod.trafficmanager.netCNAME (Canonical name)IN (0x0001)false

                                                                    Statistics

                                                                    CPU Usage

                                                                    Click to jump to process

                                                                    Memory Usage

                                                                    Click to jump to process

                                                                    High Level Behavior Distribution

                                                                    Click to dive into process behavior distribution

                                                                    Behavior

                                                                    Click to jump to process

                                                                    System Behavior

                                                                    General

                                                                    Target ID:0
                                                                    Start time:16:40:34
                                                                    Start date:07/10/2024
                                                                    Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\_READY__FOR__THE__UNEXPECTED__THIS__KIT__HAS__YOU__COVERED! _9zfW5NM.msg"
                                                                    Imagebase:0xb70000
                                                                    File size:34'446'744 bytes
                                                                    MD5 hash:91A5292942864110ED734005B7E005C0
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:false

                                                                    General

                                                                    Target ID:4
                                                                    Start time:16:40:40
                                                                    Start date:07/10/2024
                                                                    Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "0048EC3B-F4E8-46CD-AAE9-F637D36AF731" "1DC5220A-17EF-426A-945F-68130EA5A8BE" "4104" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                                                                    Imagebase:0x7ff714ba0000
                                                                    File size:710'048 bytes
                                                                    MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:false

                                                                    Disassembly

                                                                    No disassembly