Windows Analysis Report
Quarantined Messages(11).zip

Overview

General Information

Sample name:	Quarantined Messages(11).zip
Analysis ID:	1530598
MD5:	03430da0f93aa351348a314954c0a8f2
SHA1:	34acfc8fb8eafbfa475cee8ef8c47698a53243f0
SHA256:	d76ddc960eb2350fda3b6921c19d40b1ae5e6f3a4cb2433dfdea3f10f03461e2
Infos:

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Yara detected HtmlPhish10

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

Invalid T&C link found

None HTTPS page querying sensitive user data (password, username or email)

Queries the volume information (name, serial number etc) of a device

Sigma detected: Office Autorun Keys Modification

Sigma detected: Outlook Security Settings Updated - Registry

Stores files to the Windows start menu directory

Classification

Signatures

Phishing

AI detected phishing page

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html

LLM: Score: 10 Reasons: HTML file with login form DOM: 0.2.pages.csv

Yara detected HtmlPhish10

Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: 0.2.pages.csv, type: HTML

HTML body contains low number of good links

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html

HTTP Parser: Number of links: 0

HTML body contains password input but no form action

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML title does not match URL

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html

HTTP Parser: Title: Sign in to your account does not match URL

Invalid T&C link found

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html	HTTP Parser: Invalid link: Privacy statement
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html	HTTP Parser: Invalid link: Privacy statement
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html	HTTP Parser: Invalid link: Privacy statement

None HTTPS page querying sensitive user data (password, username or email)

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html

HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html

HTTP Parser: <input type="password" .../> found

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html	HTTP Parser: No favicon

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html	HTTP Parser: No <meta name="copyright".. found

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163

Source: global traffic	HTTP traffic detected: GET /7353914071/next.php HTTP/1.1Host: 154.12.225.163Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /7353914071/next.php HTTP/1.1Host: 154.12.225.163Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /7353914071/next.php HTTP/1.1Host: 154.12.225.163Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: 206.23.85.13.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: stackpath.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: 7353914071-1323985617.cos.sa-saopaulo.myqcloud.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net

Source: unknown

HTTP traffic detected: POST /7353914071/next.php HTTP/1.1Host: 154.12.225.163Connection: keep-aliveContent-Length: 13User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: */*Origin: nullAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Data Raw: 64 6f 3d 75 73 65 72 2d 63 68 65 63 6b Data Ascii: do=user-check

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65370
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65371
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65393
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65374
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65375
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65372
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65373
Source: unknown	Network traffic detected: HTTP traffic on port 65371 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65373 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65375 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65389
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65368
Source: unknown	Network traffic detected: HTTP traffic on port 65368 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65383 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65387
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65388
Source: unknown	Network traffic detected: HTTP traffic on port 65385 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65369
Source: unknown	Network traffic detected: HTTP traffic on port 65389 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65387 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65380
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65385
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65383
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65384
Source: unknown	Network traffic detected: HTTP traffic on port 65370 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65393 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65372 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65379 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65376 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65374 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65369 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65379
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65376
Source: unknown	Network traffic detected: HTTP traffic on port 65380 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65384 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65388 -> 443

Source: classification engine

Classification label: mal56.phis.winZIP@18/38@8/151

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241010T0328520416-5152.etl

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File read: C:\Users\desktop.ini

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\AppData\Local\Temp\Temp1_Quarantined Messages(11).zip\ca56da36-71ea-4ec2-9820-08dce887adf9\1c99d929-e95f-2462-0a44-8852be668566.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "8629CF2E-5B64-48E8-ADE3-CF97CDFF8DD7" "A79F8F49-6F5B-42C1-B65C-05AFF02BDB33" "5152" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "8629CF2E-5B64-48E8-ADE3-CF97CDFF8DD7" "A79F8F49-6F5B-42C1-B65C-05AFF02BDB33" "5152" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\KMDIZEAG\Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1944,i,7005086442058721016,18223057916398399266,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\KMDIZEAG\Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1944,i,7005086442058721016,18223057916398399266,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Window found: window name: SysTabControl32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File Volume queried: C:\Windows\SysWOW64 FullSizeInformation

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Process information queried: ProcessInformation

Queries the volume information (name, serial number etc) of a device

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
52.113.194.132	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.186.68	www.google.com	United States	15169	GOOGLEUS	false
13.107.246.64	s-part-0036.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.185.67	unknown	United States	15169	GOOGLEUS	false
172.217.16.202	unknown	United States	15169	GOOGLEUS	false
104.18.10.207	stackpath.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
52.109.68.130	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
154.12.225.163	unknown	United States	174	COGENT-174US	false
172.217.18.3	unknown	United States	15169	GOOGLEUS	false
104.18.11.207	maxcdn.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
43.135.205.15	cos.sa-saopaulo.myqcloud.com	Japan	4249	LILLY-ASUS	false
2.19.126.151	unknown	European Union	16625	AKAMAI-ASUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
52.109.28.46	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
152.199.21.175	sni1gl.wpc.omegacdn.net	United States	15133	EDGECASTUS	false
20.42.73.24	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
151.101.194.137	code.jquery.com	United States	54113	FASTLYUS	false
142.250.184.206	unknown	United States	15169	GOOGLEUS	false
52.109.76.243	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.17.25.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
66.102.1.84	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16
192.168.2.23

Contacted Domains

Name	IP	Active
stackpath.bootstrapcdn.com	104.18.10.207	true
cos.sa-saopaulo.myqcloud.com	43.135.205.15	true
s-part-0044.t-0009.fb-t-msedge.net	13.107.253.72	true
code.jquery.com	151.101.194.137	true
cdnjs.cloudflare.com	104.17.25.14	true
s-part-0036.t-0009.t-msedge.net	13.107.246.64	true
maxcdn.bootstrapcdn.com	104.18.11.207	true
sni1gl.wpc.omegacdn.net	152.199.21.175	true
s-part-0017.t-0009.fb-t-msedge.net	13.107.253.45	true
www.google.com	142.250.186.68	true
7353914071-1323985617.cos.sa-saopaulo.myqcloud.com	unknown	unknown
aadcdn.msftauth.net	unknown	unknown
206.23.85.13.in-addr.arpa	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html	true		unknown
http://154.12.225.163/7353914071/next.php	false	0%, Virustotal, Browse	unknown

Phishing

AI detected phishing page

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html

LLM: Score: 10 Reasons: HTML file with login form DOM: 0.2.pages.csv

Yara detected HtmlPhish10

Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: 0.2.pages.csv, type: HTML

HTML body contains low number of good links

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html

HTTP Parser: Number of links: 0

HTML body contains password input but no form action

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML title does not match URL

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html

HTTP Parser: Title: Sign in to your account does not match URL

Invalid T&C link found

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html	HTTP Parser: Invalid link: Privacy statement
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html	HTTP Parser: Invalid link: Privacy statement
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html	HTTP Parser: Invalid link: Privacy statement

None HTTPS page querying sensitive user data (password, username or email)

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html

HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html

HTTP Parser: <input type="password" .../> found

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html	HTTP Parser: No favicon

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/KMDIZEAG/Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html	HTTP Parser: No <meta name="copyright".. found

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163
Source: unknown	TCP traffic detected without corresponding DNS query: 154.12.225.163

Source: global traffic	HTTP traffic detected: GET /7353914071/next.php HTTP/1.1Host: 154.12.225.163Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /7353914071/next.php HTTP/1.1Host: 154.12.225.163Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /7353914071/next.php HTTP/1.1Host: 154.12.225.163Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: 206.23.85.13.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: stackpath.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: 7353914071-1323985617.cos.sa-saopaulo.myqcloud.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net

Source: unknown

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65370
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65371
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65393
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65374
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65375
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65372
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65373
Source: unknown	Network traffic detected: HTTP traffic on port 65371 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65373 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65375 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65389
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65368
Source: unknown	Network traffic detected: HTTP traffic on port 65368 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65383 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65387
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65388
Source: unknown	Network traffic detected: HTTP traffic on port 65385 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65369
Source: unknown	Network traffic detected: HTTP traffic on port 65389 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65387 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65380
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65385
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65383
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65384
Source: unknown	Network traffic detected: HTTP traffic on port 65370 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65393 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65372 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65379 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65376 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65374 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65369 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65379
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 65376
Source: unknown	Network traffic detected: HTTP traffic on port 65380 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65384 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 65388 -> 443

Source: classification engine

Classification label: mal56.phis.winZIP@18/38@8/151

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241010T0328520416-5152.etl

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File read: C:\Users\desktop.ini

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\AppData\Local\Temp\Temp1_Quarantined Messages(11).zip\ca56da36-71ea-4ec2-9820-08dce887adf9\1c99d929-e95f-2462-0a44-8852be668566.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "8629CF2E-5B64-48E8-ADE3-CF97CDFF8DD7" "A79F8F49-6F5B-42C1-B65C-05AFF02BDB33" "5152" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "8629CF2E-5B64-48E8-ADE3-CF97CDFF8DD7" "A79F8F49-6F5B-42C1-B65C-05AFF02BDB33" "5152" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\KMDIZEAG\Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1944,i,7005086442058721016,18223057916398399266,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\KMDIZEAG\Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1944,i,7005086442058721016,18223057916398399266,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Window found: window name: SysTabControl32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File Volume queried: C:\Windows\SysWOW64 FullSizeInformation

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Process information queried: ProcessInformation

Queries the volume information (name, serial number etc) of a device

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

ID:	1530598
Product:	CloudBasic
Start time:	09:27:31
Start date:	10.10.2024
Sample:	Quarantined Messages(11).zip
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	03430da0f93aa351348a314954c0a8f2
SHA1:	34acfc8fb8eafbfa475cee8ef8c47698a53243f0
SHA256:	d76ddc960eb2350fda3b6921c19d40b1ae5e6f3a4cb2433dfdea3f10f03461e2
Filetype:	ZIP compressed archive (8000/1) 100.00%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT	data	2507692E9932661F502DCDC5EBB6A991	8FFD313B085253015DF4B110B66EB834D4C7636E	194F82DEA463CE62A56DD01FF2B5CD36DFBEE759BD4869C029955EB74C490493
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntities.bin	ASCII text, with very long lines (65536), with no line terminators	CC90D669144261B198DEAD45AA266572	EF164048A8BC8BD3A015CF63E78BDAC720071305	89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
C:\Users\user\AppData\Local\Microsoft\Office\16.0\AddInClassifierCache\OfficeSharedEntitiesUpdated.bin	ASCII text, with no line terminators	BF57E7081A663349894DA833BF1A6EB8	9C30D29E0CD716B4F33F46A46CBEC7C6E63AEA2B	2C67DA102EF5E8E6D53F6A8EB0561BA609B38A60DDB7C8DEECE5BDEB2899AC19
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\6E4808A7-C5F0-4081-ADCE-704581E21FDC	XML 1.0 document, ASCII text, with CRLF line terminators	C88D686C0A6A061D8C13787FF858C31D	BD44BDEF2694A4A22DFF9D00BA0DBE9F0AFA8D09	6F3BD0428C1C29DEC9E026E0820B8FE74E208D7D566F3C4ED2FC123375699579
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db	SQLite 3.x database, last written using SQLite version 3034001, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2	D0DE7DB24F7B0C0FE636B34E253F1562	6EF2957FDEDDC3EB84974F136C22E39553287B80	B6DC74E4A39FFA38ED8C93D58AADEB7E7A0674DAC1152AF413E9DA7313ADE6ED
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-journal	SQLite Rollback Journal	7433ACC442F5D78A3F1179BBD037E011	922130CA3A7F04646E2A0ED9805A46F47222463C	0DAB874F13D3A31690D15B66B6BDADE96CB9AE568C0F2AEF48590EE297214568
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm	data	F61FEB3D2F44ED4A147E5193CE8A342D	AE8B3F6D688D6ECAC05BFE35969CEA68AE49310D	7E02471988D99FC083054E8485371EE589C51F16C17268A05FDCD896CF470409
C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal	SQLite Write-Ahead Log, version 3007000	806A9A7D2C5DBAED7C507E2FC8385F2C	BD8A22AB4FA616660908D426CDEC21825764E147	4FE6C6C42A05D3BFF5C59DFD3DB550130D4709CCA220C79BF6376F7AA150600E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\KMDIZEAG\Payment_Advice_Note_Riccardo.nobile_5827096209CQDM (002).html:Zone.Identifier (copy)	HTML document, ASCII text, with very long lines (64099), with CRLF line terminators	1BBC4F6D6474FE87C8589C39DB92DE09	595E9AC037D8DEE60D47225CED8535C352C3681B	EA0D694C1555651B233A89BECBDD389F559BAACF6C71D9AA0FACE21B264AD7CD
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\KMDIZEAG\Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html	HTML document, ASCII text, with very long lines (64099), with CRLF line terminators	1BBC4F6D6474FE87C8589C39DB92DE09	595E9AC037D8DEE60D47225CED8535C352C3681B	EA0D694C1555651B233A89BECBDD389F559BAACF6C71D9AA0FACE21B264AD7CD
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\KMDIZEAG\Payment_Advice_Note_Riccardo.nobile_5827096209CQDM.html:Zone.Identifier	ASCII text, with CRLF line terminators	FBCCF14D504B7B2DBCB5A5BDA75BD93B	D59FC84CDD5217C6CF74785703655F78DA6B582B	EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Outlook\KMDIZEAG\Remittance Advice note Ref63aa558c8bd19f14fba31e27f9a4ad0922560090 (389 KB).msg	CDFV2 Microsoft Outlook Message	F39181FD430DEBFA6DB8B8BA6A61C92E	B0E29CDED862E0AFE78CB59BF928798A092F2B39	23728FF2A41A6B0B1759FA7852BCD805F1CAFA3B2A9B7A5A911D91248514B49C
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1728545332631920300_6EBA4BCF-A691-4330-98F7-B864561BD176.log	ASCII text, with very long lines (28727), with CRLF line terminators	A690719F8F31A1BF13B4A322A6A49B7D	0B1201448C3ED89333457C903E9D05BBFBDC877F	8D6C3B77468E6A544EC4AD15592D813698CA99D1726300C16945A8F11C160EC2
C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1728545332632779000_6EBA4BCF-A691-4330-98F7-B864561BD176.log	data	8F4E33F3DC3E414FF94E5FB6905CBA8C	9674344C90C2F0646F0B78026E127C9B86E3AD77	CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241010T0328520416-5152.etl	data	6B8E70EA7325C95D4C8BDDF6A71E1683	2F6B96C02832D772D15140523711594454508872	B6D37AE4FEF9D8C2631F0BD3D835A4EFAA69C6E1CF213D6442D83D0CA1660D18
C:\Users\user\AppData\Local\Temp\olk986E.tmp	ASCII text, with CRLF line terminators	6809BA3651266F40B1AF131747303287	83E1BDAF42FB231C88145990238DAB39C9072014	9003F9E4D3E0CA4942B9388ECABD1CF1AAD9F02034EB09751BE50E05ACD93CF6
C:\Users\user\AppData\Local\Temp\olk987F.tmp	ASCII text, with very long lines (65536), with no line terminators	166C7C3FFB0D9AE1B2A51B545182024E	2E70DD44902AC09F2AB7DFD9D16508AA9D2A18EB	D8AD92EDA7891D368F9968EEDEEC90E5B030E6672276FF763AF745D9B8DF7450
C:\Users\user\AppData\Local\Temp\~DF07FDEB0F92AC1124.TMP	data	BF619EAC0CDF3F68D496EA9344137E8B	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Users\user\AppData\Local\Temp\~DF4EAA55C3EA4B3ECE.TMP	data	C7D7C7C8B38C958FD7B88A7272BB6404	7948999BC376C836D1783848C7598D98DB55E086	33F8263A6D4B1AFC5092E0053053C98A6BB57251EE488C9B48E1A3F2A3649062
C:\Users\user\AppData\Local\Temp\~DF8D57524B9BAA8A68.TMP	CDFV2 Microsoft Outlook Message	8C1C39B66C7DDB95DF7FC4464D02631D	01E378A93D344983E4DBDB3CBF25054177EC1C9E	4F833E18CD4F2DCD9EFA6D4155321F9B4F9889770073322BF338A5A11EE7BC5B
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl	data	E58F1317756DA0FDC1DF836F59BCE5ED	6003B2D80F7AE7CA187B21F7362457774C53A3E7	4B1326015149FD1E48ED64281054BEFD89259C411DD0695ED6D035B320E2BD05
C:\Users\user\AppData\Roaming\Microsoft\Outlook\NoEmail.srs	Composite Document File V2 Document, Cannot read section info	FA0C42CAAEA98B5491EB769E055D27D4	F1DEB7ADC1D5FED51E454E0C312B056B55A04850	4C334C5F52838A0F78F2C45602EFA3B4FAC62DD7D400A1A44DAE5E9B2D3A45FA
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 06:29:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	ADE76CC9B1C72456E2EE7B147C270F2C	432153BDD4D0FC6C9DA292A2B9B7750114FF6042	4E3B8C57C094CBDE6A38DB0A2C22ED9CCD77FDFF8386771936731E70B0DB4C38
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 06:29:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	05982F42512618DA0843987D58CD576A	220A3E5A5BCAEBC1F88CB460357DFCEA0EE894D0	0E333FAF75BEEFAD7495E8F3CE3047A2308D41F6A7EE21B039E17F1E517DF759
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	0B578EEED3FC4447A9F54E21810D6C43	EB95C99DE939DAC67BDCDE96DF71E5323DD84CC8	9137974091B1DF1B24840D7C6CA07BBE3CABA07097FE2A0E9B1D15AACB204EF8
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 06:29:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	349A280E2D47DD725808047D4E34285F	05DBCDA785A0BD53AD9FA62D984923AADBA8F9BD	31A3F7BDF5F7CA95487A33E49485C949379CA0B2A8CAF4B0AE891C82E45EB281
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 06:29:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	2BAB5DA228CF288654AD684B9A91FF70	091341C2B17A9B3DB2E1FF6BC553F109C4E70A52	1991E4EE10523925BF8AF064869169D84A95B545BECEEA472C924DAA39B7CE81
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 06:29:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	C4DB6D8250E83786F81CAE58F9382B88	CEB2CF27B43EA75F1289A7CF83455F8A6728D725	ED60CAE37390920A7B67183D11076015798819F9F5AE97C0B43DA98FED4C8C2C
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst	Microsoft Outlook email folder (>=2003)	6896CF53A24D5F13A3D540307930C147	6FC9FD1AE001F3CD1AA28F478A099223C62FD967	6875FF8A636CF90351D2729C8D1F9010FF8A646FA1D16A453E03148304116588
C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp	data	39D7BE7711B524507E05CE1B791110CB	31DCC28035074999B7590F36B3BCB9AD76EC8363	5AC853B058D9C52BEB6281471356A6CCD066F4F64B6B8928728A0025EE2F31EE
Chrome Cache Entry: 80	ASCII text, with very long lines (32012)	5F48FC77CAC90C4778FA24EC9C57F37D	9E89D1515BC4C371B86F4CB1002FD8E377C1829F	9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
Chrome Cache Entry: 82	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 84	ASCII text, with very long lines (32065)	2F6B11A7E914718E0290410E85366FE9	69BB69E25CA7D5EF0935317584E6153F3FD9A88C	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
Chrome Cache Entry: 87	SVG Scalable Vector Graphics image	BC3D32A696895F78C19DF6C717586A5D	9191CB156A30A3ED79C44C0A16C95159E8FF689D	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
Chrome Cache Entry: 89	ASCII text, with very long lines (50758)	67176C242E1BDC20603C878DEE836DF3	27A71B00383D61EF3C489326B3564D698FC1227C	56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
Chrome Cache Entry: 91	ASCII text, with very long lines (19015)	70D3FDA195602FE8B75E0097EED74DDE	C3B977AA4B8DFB69D651E07015031D385DED964B	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
Chrome Cache Entry: 92	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1592	4761405717E938D7E7400BB15715DB1E	76FED7C229D353A27DB3257F5927C1EAF0AB8DE9	F7ED91A1DAB5BB2802A7A3B3890DF4777588CCBE04903260FBA83E6E64C90DDF
Chrome Cache Entry: 93	ASCII text, with very long lines (48664)	14D449EB8876FA55E1EF3C2CC52B0C17	A9545831803B1359CFEED47E3B4D6BAE68E40E99	E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
Chrome Cache Entry: 96	ASCII text, with very long lines (65462), with CRLF line terminators	4FB1BAEE47BFB1D87D7390A19439B9DF	090D4E31A82666C5521F2F04F998AEE027AD9172	CACF75F5AC1A1647F5B7A1380944F4DBAB84F219C7BCFC6F78316BBBA0177860

Windows Analysis Report
Quarantined Messages(11).zip

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report Quarantined Messages(11).zip

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
Quarantined Messages(11).zip