Windows Analysis Report
Temos uma surpresa para os clientes da Leroy Merlin. .msg

Overview

General Information

Sample name: Temos uma surpresa para os clientes da Leroy Merlin. .msg
Analysis ID: 1530699
MD5: 2f02a563ab2f25e2d3ab820808d6c244
SHA1: 15eab81bd02f2ef39e751c346040c79c4ab6d89e
SHA256: 53b49675c696e3a8d6a8f2bedb93ebf55fe6edbb511b6ddd0095982c7137530c
Infos:

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification

Classification

  • System is w10x64
  • OUTLOOK.EXE (PID: 8016 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Temos uma surpresa para os clientes da Leroy Merlin. .msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 7596 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "BEB119B5-D86C-4802-948C-787B5455079F" "029AA1C0-AF2B-48AF-BA14-F2B0B640E484" "8016" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 8016, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched

There are no malicious signatures.

Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: Temos uma surpresa para os clientes da Leroy Merlin. .msg, ~WRS{26A02425-66FB-44B5-B04D-7BD0D5D9C1D4}.tmp.0.dr | String found in binary or memory: http://beststarsoffers.click/6BhleE83181mJuz290zymsyrjyod2100WDJQAGGGIUTIWAX82267SCLT380y9
Source: ~WRS{26A02425-66FB-44B5-B04D-7BD0D5D9C1D4}.tmp.0.dr | String found in binary or memory: http://beststarsoffers.click/img/BftYnyQgrWDRxBpx
Source: ~WRS{26A02425-66FB-44B5-B04D-7BD0D5D9C1D4}.tmp.0.dr | String found in binary or memory: http://beststarsoffers.click/img/FJHpEbd9pzMLCgDT
Source: Temos uma surpresa para os clientes da Leroy Merlin. .msg | String found in binary or memory: http://beststarsoffers.click/track/3Kujob83181wfcV290msbyxcunjk2100ZCHLGXWHLPZIBKK82267SWLS380J9
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: http://weather.service.msn.com/data.aspx
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://analysis.windows.net/powerbi/api
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://api.aadrm.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://api.aadrm.com/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://api.addins.omex.office.net/api/addins/search
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://api.addins.store.office.com/app/query
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://api.cortana.ai
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://api.diagnostics.office.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://api.diagnosticssdf.office.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://api.microsoftstream.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://api.microsoftstream.com/api/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://api.office.net
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://api.onedrive.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://api.powerbi.com/v1.0/myorg/imports
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://api.scheduler.
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://apis.live.net/v5.0/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://apis.mobile.m365.svc.cloud.microsoft
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://app.powerbi.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://arc.msn.com/v4/api/selection
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://augloop.office.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://augloop.office.com/v2
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://autodiscover-s.outlook.com/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://canary.designerapp.
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://cdn.designerapp.osi.office.net
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/fonts
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-assets
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-dynamic-strings
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-home-screen
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://cdn.entity.
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://cdn.hubblecontent.osi.office.net/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://clients.config.office.net
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://clients.config.office.net/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://clients.config.office.net/c2r/v1.0/DeltaAdvisory
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://cortana.ai
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://cortana.ai/api
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://cr.office.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://d.docs.live.net
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://dataservice.o365filtering.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://dataservice.o365filtering.com/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://designerapp.azurewebsites.net
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://designerappservice.officeapps.live.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://dev.cortana.ai
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://devnull.onenote.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://directory.services.
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://ecs.office.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://ecs.office.com/config/v1/Designer
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://ecs.office.com/config/v2/Office
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://edge.skype.com/registrar/prod
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://edge.skype.com/rps
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://enrichment.osi.office.net/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/v2.1601652342626
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://entitlement.diagnostics.office.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://fpastorage.cdn.office.net/%s
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://fpastorage.cdn.office.net/firstpartyapp/addins.xml
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://globaldisco.crm.dynamics.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://graph.ppe.windows.net
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://graph.ppe.windows.net/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://graph.windows.net
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://graph.windows.net/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://ic3.teams.office.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://incidents.diagnostics.office.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://inclient.store.office.com/gyro/client
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://inclient.store.office.com/gyro/clientstore
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://invites.office.com/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://lifecycle.office.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://login.microsoftonline.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://login.microsoftonline.com/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://login.microsoftonline.com/organizations
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://login.windows.local
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://make.powerautomate.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://management.azure.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://management.azure.com/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://messagebroker.mobile.m365.svc.cloud.microsoft
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://messaging.action.office.com/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://messaging.action.office.com/setcampaignaction
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://messaging.action.office.com/setuseraction16
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://messaging.engagement.office.com/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://messaging.lifecycle.office.com/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://messaging.office.com/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://mss.office.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://my.microsoftpersonalcontent.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://ncus.contentsync.
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://ncus.pagecontentsync.
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://officeapps.live.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://officeci.azurewebsites.net/api/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://officepyservice.office.net/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://officepyservice.office.net/service.functionality
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://onedrive.live.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://onedrive.live.com/embed?
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://otelrules.azureedge.net
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://otelrules.svc.static.microsoft
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://outlook.office.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://outlook.office.com/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://outlook.office365.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://outlook.office365.com/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://outlook.office365.com/connectors
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://pages.store.office.com/review/query
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://powerlift-user.acompli.net
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://powerlift.acompli.net
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://pushchannel.1drv.ms
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://res.cdn.office.net
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://res.cdn.office.net/mro1cdnstorage/fonts/prod/4.40
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://res.cdn.office.net/polymer/models
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://service.officepy.microsoftusercontent.com/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://service.powerapps.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://settings.outlook.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://shell.suite.office.com:1443
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://skyapi.live.net/Activity/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://staging.cortana.ai
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://store.office.cn/addinstemplate
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://store.office.de/addinstemplate
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://substrate.office.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://tasks.office.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.dr | String found in binary or memory: https://templatesmetadata.office.net/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: Temos uma surpresa para os clientes da Leroy Merlin. .msg, ~WRS{26A02425-66FB-44B5-B04D-7BD0D5D9C1D4}.tmp.0.drString found in binary or memory: https://uk01.l.antigena.com/l/ES_nWwtyvvPZKELjDgph-MDssq~qS5bE0L8Q8zCS4DPFtrtCHhzhwMA4EawQVZs2EIMtrk
Source: Temos uma surpresa para os clientes da Leroy Merlin. .msg, ~WRS{26A02425-66FB-44B5-B04D-7BD0D5D9C1D4}.tmp.0.drString found in binary or memory: https://uk01.l.antigena.com/l/gSyI41Gz96sNln53sagX7eNcywQQOoEnYDagSj-Ka4rmvUc~~ge2uUdYhkRZf~qdeCYR20
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drString found in binary or memory: https://webshell.suite.office.com
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drString found in binary or memory: https://wus2.contentsync.
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drString found in binary or memory: https://wus2.pagecontentsync.
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drString found in binary or memory: https://www.odwebp.svc.ms
Source: 7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drString found in binary or memory: https://www.yammer.com
Source: classification engine | Classification label: clean1.winMSG@3/12@0/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\user~1\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241010T0635500609-8016.etl
Source: unknown | Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Temos uma surpresa para os clientes da Leroy Merlin. .msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "BEB119B5-D86C-4802-948C-787B5455079F" "029AA1C0-AF2B-48AF-BA14-F2B0B640E484" "8016" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Window found: window name: SysTabControl32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
MITRE ATT&CK Matrix (the number in brackets is the count of matched signatures for that technique):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows)
Privilege Escalation: Process Injection (1); DLL Side-Loading (1); Logon Script (Windows)
Defense Evasion: Masquerading (1); Process Injection (1); DLL Side-Loading (1)
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: Process Discovery (1); System Information Discovery (13); Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: Data Obfuscation; Junk Data; Steganography
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
Behavior Graph ID: 1530699 | Sample: Temos uma surpresa para os ... | Startdate: 10/10/2024 | Architecture: WINDOWS | Score: 1 | Process chain: OUTLOOK.EXE started, then started ai.exe
No Antivirus matches
Contacted domain: s-part-0017.t-0009.t-msedge.net | IP: 13.107.246.45 | Active: true | Malicious: false | Antivirus Detection: none | Reputation: unknown
              • URL Reputation: safe
              unknown
              https://graph.windows.net7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
              • URL Reputation: safe
              unknown
              https://dataservice.o365filtering.com/7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
              • URL Reputation: safe
              unknown
              https://officesetup.getmicrosoftkey.com7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
              • URL Reputation: safe
              unknown
              https://analysis.windows.net/powerbi/api7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
              • URL Reputation: safe
              unknown
              https://prod-global-autodetect.acompli.net/autodetect7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
              • URL Reputation: safe
              unknown
              https://substrate.office.com7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
              • URL Reputation: safe
              unknown
              http://beststarsoffers.click/6BhleE83181mJuz290zymsyrjyod2100WDJQAGGGIUTIWAX82267SCLT380y9Temos uma surpresa para os clientes da Leroy Merlin. .msg, ~WRS{26A02425-66FB-44B5-B04D-7BD0D5D9C1D4}.tmp.0.drfalse
                unknown
                https://outlook.office365.com/autodiscover/autodiscover.json7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                • URL Reputation: safe
                unknown
                https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                • URL Reputation: safe
                unknown
                https://consent.config.office.com/consentcheckin/v1.0/consents7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                • URL Reputation: safe
                unknown
                https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                • URL Reputation: safe
                unknown
                https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                • URL Reputation: safe
                unknown
                https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                • URL Reputation: safe
                unknown
                https://d.docs.live.net7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                  unknown
                  https://safelinks.protection.outlook.com/api/GetPolicy7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                  • URL Reputation: safe
                  unknown
                  https://ncus.contentsync.7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                  • URL Reputation: safe
                  unknown
                  https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                    unknown
                    https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                    • URL Reputation: safe
                    unknown
                    http://weather.service.msn.com/data.aspx7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://apis.live.net/v5.0/7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://officepyservice.office.net/service.functionality7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://templatesmetadata.office.net/7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                    • URL Reputation: safe
                    unknown
                    http://beststarsoffers.click/track/3Kujob83181wfcV290msbyxcunjk2100ZCHLGXWHLPZIBKK82267SWLS380J9Temos uma surpresa para os clientes da Leroy Merlin. .msgfalse
                      unknown
                      https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://messaging.lifecycle.office.com/7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://mss.office.com7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://pushchannel.1drv.ms7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://management.azure.com7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://outlook.office365.com7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://wus2.contentsync.7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://incidents.diagnostics.office.com7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://clients.config.office.net/user/v1.0/ios7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://make.powerautomate.com7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://api.addins.omex.office.net/api/addins/search7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://insertmedia.bing.office.net/odc/insertmedia7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://outlook.office365.com/api/v1.0/me/Activities7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://api.office.net7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://incidents.diagnosticssdf.office.com7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://asgsmsproxyapi.azurewebsites.net/7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://clients.config.office.net/user/v1.0/android/policies7ACB13C2-FF19-4BB5-BE46-163B81F8B975.0.drfalse
                      • URL Reputation: safe
                      unknown
                      No contacted IP infos
                      Joe Sandbox version:41.0.0 Charoite
                      Analysis ID:1530699
                      Start date and time:2024-10-10 12:34:34 +02:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 4m 45s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:8
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Sample name:Temos uma surpresa para os clientes da Leroy Merlin. .msg
                      Detection:CLEAN
                      Classification:clean1.winMSG@3/12@0/0
                      EGA Information:Failed
                      HCA Information:
                      • Successful, ratio: 100%
                      • Number of executed functions: 0
                      • Number of non-executed functions: 0
                      Cookbook Comments:
                      • Found application associated with file extension: .msg
                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                      • Excluded IPs from analysis (whitelisted): 52.109.28.46, 52.113.194.132, 52.182.143.210
                      • Excluded domains from analysis (whitelisted): ecs.office.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, prod.configsvc1.live.com.akadns.net, s-0005-office.config.skype.com, mobile.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, ecs-office.s-0005.s-msedge.net, login.live.com, s-0005.s-msedge.net, config.officeapps.live.com, azureedge-t-prod.trafficmanager.net, officeclient.microsoft.com, ecs.office.trafficmanager.net, onedscolprdcus10.centralus.cloudapp.azure.com, europe.configsvc1.live.com.akadns.net, mobile.events.data.trafficmanager.net, uks-azsc-config.officeapps.live.com
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size getting too big, too many NtQueryAttributesFile calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.
                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                      No simulations
Input / Output
URL: Email, Model: jbxai
{
"brand":["LEROY MERLIN"],
"contains_trigger_text":false,
"trigger_text":"",
"prominent_button_name":"SURVEY DE ARTE",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"text":"Foste Escolhido! Para se qualificar para reclamar a sua recompensa de Nível 1, basta responder a algumas perguntas curtas sobre a sua experiência e selecionar uma cor. CONJUNTO DE FERRAMENTAS DEXTER COM 108 PEÇAS",
"has_visible_qrcode":false}
                      No context
                      No context
                      No context
                      No context
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):231348
                      Entropy (8bit):4.382709374353047
                      Encrypted:false
                      SSDEEP:3072:s8gJNYmgvmiGu2iqoQPrt0Fvwio5JcIIUtdx:s3Ylmi2fFR5JcIIUtP
                      MD5:F2D44D277D1F77D3C0491934DD8513DE
                      SHA1:B2667C1EEE3DBFF78737BC146C01446EAB9CBBEB
                      SHA-256:94A24C059797EE659C9F02EB9DB9D113FBF9036BB19F4CADB0B166857D84BB86
                      SHA-512:5BA0EE4E8741E798C212AA9C2D5BA6443933383A1E91044C95A325D64F494D382D97507CF8CD13A6782D58BCA86D50FC3BD72142D0D7C6668FC3DC93489CEFE0
                      Malicious:false
                      Reputation:low
                      Preview:TH02...... .0.. ........SM01X...,...P.. ............IPM.Activity...........h...............h............H..h..l............h........`~..H..h\FRO ...1\Ap...h....0...x.l....h..}............h........_`Fk...h-.}.@...I.tw...h....H...8.Kk...0....T...............d.........2h...............k1.1...........!h.............. h..b{......l...#h....8.........$h`~......8....."h8t......Hv....'h..t...........1h..}.<.........0h....4....Kk../h....h.....KkH..h....p.....l...-h .........l...+hi.}......l................. ..............F7..............FIPM.Activity....Form....Standard....Journal Entry...IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1122110020000000....Microsoft...This form is used to create journal entries.........kf...... ..........&...........(.......(... ...@.....................................................................................................................fffffffff........wwwwwwww.p....pp..............p...............pw..............pw..DDDDO..
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):177810
                      Entropy (8bit):5.287204572633861
                      Encrypted:false
                      SSDEEP:1536:Xi2XfRAqcbH41gwEwLe7HW8bM/o/NMdcAZl1p5ihs7EXXPEAD2Odavo:iCe7HW8bM/o/TXsk4o
                      MD5:EFA1F4C506E82C4B6F1637857D31A09D
                      SHA1:2514D11E59911D5BD6681E4CB7C7D74080BC18FA
                      SHA-256:2E166B4237F61D8343762E78F313E36E0513D9095565C49151F9255BD588AE5D
                      SHA-512:33ABE2BBE7783EA37930224BE6AA1CBCFA775DDCE98698192CC3702F2C5C21F34FE68F7E2795E32C5280F30262269DD2D10B69D19ADD2A2220F44F3F4479FF63
                      Malicious:false
                      Reputation:low
                      Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-10-10T10:35:53">.. Build: 16.0.18124.40132-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):32768
                      Entropy (8bit):0.04604146709717531
                      Encrypted:false
                      SSDEEP:3:GtlxtjlM0JKaB0z/3lxtjlM0JKaB0Al/1R9//8l1lvlll1lllwlvlllglbelDblx:Gts0JO7s0JOAlX9X01PH4l942wU
                      MD5:D13642800D4A1C8F9D0FF04DA56DF786
                      SHA1:3125C5DF465BCF5B1D33E35DED44AA11E6534BF2
                      SHA-256:EBD93E4F3F15926B97ADE5C1F0D0C2A77327933BBA0B4E0675C399B6A87E6508
                      SHA-512:1923C5C8B7CA1728555A8BB163EF67F89222325172386430655F19C7027B287FB5F3114DEFB2987CCE119F94069C04B2FD8300DEECAE55A372365CE673805A73
                      Malicious:false
                      Reputation:low
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:SQLite Write-Ahead Log, version 3007000
                      Category:modified
                      Size (bytes):49472
                      Entropy (8bit):0.4831007556779885
                      Encrypted:false
                      SSDEEP:48:gZQgTQ1ZD0Ull7DYMZjFMzO8VFDYMZnzhvX5BO8VFDYML:guRDDnll4ajF0jVGazhvXzjVGC
                      MD5:7B6EF9A4981B711A22FD25C63CEDA32E
                      SHA1:34583E3DDD935D372516388FEC746DAF2E9C7171
                      SHA-256:7132CEBC744156C9EC6FBD05CC415B03F66528E1D4B0319E38FA23ACADEEF18E
                      SHA-512:28DC163FCC4531FCEEC04D0DEF4A7AD8DD36C0A4B63CF4BAE3BE372CA8B0CEEEC86C8E8A8A5613B487B88B01A42216E1ED26DC1E09D2E17D25F1FF285815BEA6
                      Malicious:false
                      Reputation:low
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):7476
                      Entropy (8bit):3.8644939443044493
                      Encrypted:false
                      SSDEEP:96:0YHy8V+0upbpbpbpbpLp1RY/1BBBGLWAx3OZnW1Xw1EecK0lYkYV3yponJtL1b6k:hH3Ue/qCW28XMcuLFLT
                      MD5:6FCB40D5133677B2A7FBFD905CC83AD8
                      SHA1:6CFF2DB429288A554BB62661F17D40139CBB60AD
                      SHA-256:0E593AFF0FCBDC313130B7F2DA05A5A164DB0F2FA2BF4BDC9DCBE3329AADB21B
                      SHA-512:794E1B96E9748F64A01396D413CDE6D075C9F512906A60264317750F4FD1E049ADD89CDD3EA8243B6514790B20ED0C0289752CFF532B7FA95AFEE9C68FBEB6F6
                      Malicious:false
                      Reputation:low
                      Preview:........I.N.C.L.U.D.E.P.I.C.T.U.R.E. . .\.d. .".h.t.t.p.:././.b.e.s.t.s.t.a.r.s.o.f.f.e.r.s...c.l.i.c.k./.i.m.g./.B.f.t.Y.n.y.Q.g.r.W.D.R.x.B.p.x.". .\.x. .\.y. .\.*. .M.E.R.G.E.F.O.R.M.A.T.I.N.E.T... . .....................................................................................................................................................................................................................................................................................................................................................B...........~.......................H...J...L......................................................................................................................................................................................................................................................................................................................................$.....a$.....*...$..$.If........!v..h.#v....:V.......t.....6......5.......4........4.
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:ASCII text, with very long lines (28762), with CRLF line terminators
                      Category:dropped
                      Size (bytes):20971520
                      Entropy (8bit):0.1603726359974361
                      Encrypted:false
                      SSDEEP:1536:qivHveTQTNCgpmIFdcwnZk1f1ELnNujJ12O5QvMwQioLBK:leUsgpV30Ut
                      MD5:243CB0FB2533D54C7F76A49BE4AF4BBB
                      SHA1:E4A7DDEF8CEDE19C43BAD1FFEA61BF025F8AC5EB
                      SHA-256:6C5619CF20D156067DF4F8642D6441A642A44148C18C14E76D7F90B19AB510CE
                      SHA-512:8109C727B07EE89FAC831808EA837507D781C06890716F7E251F13DAAE83CD018F4382F31664885D9FA401FC6065CD51E27C547CB33EC5481746BCCE644CDB55
                      Malicious:false
                      Reputation:low
                      Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/10/2024 10:35:51.078.OUTLOOK (0x1F50).0x1F54.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":22,"Time":"2024-10-10T10:35:51.078Z","Contract":"Office.System.Activity","Activity.CV":"GWFU563Kn0OUUSGq6LuNWw.4.9","Activity.Duration":12,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...10/10/2024 10:35:51.094.OUTLOOK (0x1F50).0x1F54.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":24,"Time":"2024-10-10T10:35:51.094Z","Contract":"Office.System.Activity","Activity.CV":"GWFU563Kn0OUUSGq6LuNWw.4.10","Activity.Duration":11892,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorV
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):20971520
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:3::
                      MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                      SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                      SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                      SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                      Malicious:false
                      Reputation:high, very likely benign file
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):98304
                      Entropy (8bit):4.3995716582581705
                      Encrypted:false
                      SSDEEP:768:pNLFuFYsa4oqJx4Tr9wE0FYXzdfWuWG+W4WGY9rqvgM:C4Tr9wEDX2oM
                      MD5:835AED0A86E1716D1FD0088BA08F9E56
                      SHA1:B59C8CD57057D799E817C086BC4E2EBB7B82FD47
                      SHA-256:4A9B14B0DEBBF68BB5274262BD9614F21FE539F4E4A39D9A48EB533AF2C00739
                      SHA-512:4AC2CA3F27C7A6E79E021B9E277F794E77C85AB4688503A97953660FF85FBDE65428AB815F371BD41DFB06981D2D8524A0535F3D0155F2CF4C76CA78D94ECFF2
                      Malicious:false
                      Reputation:low
                      Preview:............................................................................h...T...P......,....................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................Ps<QT..............,............v.2._.O.U.T.L.O.O.K.:.1.f.5.0.:.b.c.2.0.8.0.d.9.8.8.0.c.4.4.b.2.a.3.7.e.f.9.8.9.8.0.3.5.a.6.b.a...C.:.\.U.s.e.r.s.\.F.R.O.N.T.D.~.1.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.0.1.0.T.0.6.3.5.5.0.0.6.0.9.-.8.0.1.6...e.t.l.......P.P.T...P......,....................................................................................................................................................................................................................................................................................................
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):163840
                      Entropy (8bit):0.33538276856660476
                      Encrypted:false
                      SSDEEP:192:KBgFiC8b0u277wkZQnmzLgaT+YGWNgz0XHWQOGIAbAFAqwNh/:KeYI17tQegaT92z0XHOGIMu
                      MD5:D0E8B90EB089DBA0E7DE1F53ED1392DE
                      SHA1:997A1190A587F624AE394D357BB7C12E91B1F42C
                      SHA-256:7A1C2FC107567AC5C67F4F0AAD83ED763C9500034975FB5C38ADEA9D0F7A211A
                      SHA-512:11C058789C56B4CF5A590FD9FCAAC1FEF0F7E740F10B74BE0BCC7F64A676FC1D9F40F092470AA7027D5B0FE979DEE52B88DF25E7D2D0B5741581AD8511DCD2B1
                      Malicious:false
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):30
                      Entropy (8bit):1.2389205950315936
                      Encrypted:false
                      SSDEEP:3:BJnrt:
                      MD5:F619017FDF555F80B6F8FF31C514F33B
                      SHA1:392E5F579F8EADA0AFC6750813EDF9332055952F
                      SHA-256:623851CCBFF9091B214B79DF430EA66E7B18741FF8AFA851D29B5407682D71B8
                      SHA-512:F2AD0824D58DAD75EFB39CD7982575FB7085539347070A8B563EB0664CA6CD6906E87CA2D3FE798E5195052B46C042E5617F6329758FD855A50C4E0ED9860262
                      Malicious:false
                      Preview:....6,........................
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:Microsoft Outlook email folder (>=2003)
                      Category:dropped
                      Size (bytes):271360
                      Entropy (8bit):1.2863511832657384
                      Encrypted:false
                      SSDEEP:768:Z3QcTornjWp2ZWcL+QVZ/svwmPOPTuMrJGFJHqBfJ8BUTIZ:l4jm2je2PTgJ4fJeNZ
                      MD5:223CBE2DF328074762512EAF9E470EF2
                      SHA1:471CD9B503EA168F835E54AB6D439A594FAA3508
                      SHA-256:60D3CF3D90B6D7113402E20C399CC2993001E2E4A1A55EF856ADA688D17D33ED
                      SHA-512:EE96EC1A6565418296B31E9967BAE6E32DDB86DBC84FF7A1B308EFE1EDAF3C379FBC80BBEFF9F76A5F2822D3E624AB08D8A49AAB6B987A2F2FDA59E062E1CC89
                      Malicious:false
                      Preview:!BDN..v.SM......\....)...,......I.......U................@...........@...@...................................@...........................................................................$.......D.......)..............E...............H......................................................................................................................................................................................................................................................................................................w.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                      File Type:data
                      Category:dropped
                      Size (bytes):131072
                      Entropy (8bit):1.0671390545760329
                      Encrypted:false
                      SSDEEP:384:E8rnAY2x1ZmC74QGNlFnZG0yO4rZWGPg47c1RoLKuP9xPBDq:n/F2Gr2Bf1InHuPXk
                      MD5:131132566ADF9DED848624AF4EF03AB2
                      SHA1:A348484236A8839424E7EC375DD23CC4BC26AC50
                      SHA-256:F46D2CDD78A39D53C74A1DB5D4BFB693AD51CA020B444B3194D19845BCC03973
                      SHA-512:0EECBEF812DB91DFCBAE599FD3912E3EFFED65CAF792B195BBBA642C9E13B208938D58A2DF24E03FA2D6BD81F2C2411997755C60BE3F17FE6BEAD7AE203612CF
                      Malicious:false
                      Preview:.f'.C...a.......P...}.U+......................#.!BDN..v.SM......\....)...,......I.......U................@...........@...@...................................@...........................................................................$.......D.......)..............E...............H......................................................................................................................................................................................................................................................................................................w...}.U+......................#..........`......<.......................4...0...........@.......n....................... ...p............x.......................W......................@$......................@a......................................$........X......8...0...d........^..........0)..h...............8....)..l........o..........p*..p........j...........+..t........H...........+..|.......@q......n....,..|.......
                      File type:CDFV2 Microsoft Outlook Message
                      Entropy (8bit):4.384297218164357
                      TrID:
                      • Outlook Message (71009/1) 58.92%
                      • Outlook Form Template (41509/1) 34.44%
                      • Generic OLE2 / Multistream Compound File (8008/1) 6.64%
                      File name:Temos uma surpresa para os clientes da Leroy Merlin. .msg
                      File size:29'696 bytes
                      MD5:2f02a563ab2f25e2d3ab820808d6c244
                      SHA1:15eab81bd02f2ef39e751c346040c79c4ab6d89e
                      SHA256:53b49675c696e3a8d6a8f2bedb93ebf55fe6edbb511b6ddd0095982c7137530c
                      SHA512:95222d89a7742cc22eb25baea747f01c7689a00924fc2f8ac0eb2639d1249a609f7b01f6ddef6dec29a4828ade50d25def74d0075cb8cbb621ae82c0d6b84ff1
                      SSDEEP:384:NDsSbtmX5ctaUaT1O0SPTfbsfWYRw4VRya+besUSWf:NDsSbgytHa5PEfbErRw4VRR+dUSg
                      TLSH:E8D2321533ED9705F2BBAF365DF681938A367C91ED24D64F3290330E09B1981A871B6B
                      File Content Preview:........................>......................................................................................................................................................................................................................................
                      Subject:Temos uma surpresa para os clientes da Leroy Merlin. ????
                      From:*Mensagem da Leroy Merlin* <Leroy-Merlin-iyh@foryouthealth.click>
                      To:fireis@eem.pt
                      Cc:
                      BCC:
                      Date:Wed, 09 Oct 2024 15:47:47 +0200
                      Communications:
                      • <http://beststarsoffers.click/img/BftYnyQgrWDRxBpx> Foste escolhido! <http://beststarsoffers.click/img/FJHpEbd9pzMLCgDT> Foi seleccionado para receber um novo CONJUNTO DE FERRAMENTAS DEXTER COM 108 PEAS Para se qualificar para reclamar a sua recompensa de Nvel 1, basta responder a algumas perguntas curtas sobre a sua experincia e selecionar uma cor. SURVEY DE ARTE <https://uk01.l.antigena.com/l/gSyI41Gz96sNln53sagX7eNcywQQOoEnYDagSj-Ka4rmvUc~~ge2uUdYhkRZf~qdeCYR20MfqPF0Cl22iQAPA~D-kwryf6JMugP38-hVRau_ADDrbJG64mdp-ZsyZX_NR5Aqy8QOMomREd_j~F2RHekIK09DCim8Shqfhw4hZXnXF1DPP7U2UTL09nH60jVmeQTVNhtpj6BYLNdVUlIVUBIDlYaiNtMQkkHjcq1woyuQdpbGd~TSAUV> Twj unikalny kod: #4824292 Podem ser aplicadas taxas de envio Se pretender cancelar a subscrio, clique aqui <http://beststarsoffers.click/6BhleE83181mJuz290zymsyrjyod2100WDJQAGGGIUTIWAX82267SCLT380y9> click here to remove your self from our emails list <https://uk01.l.antigena.com/l/ES_nWwtyvvPZKELjDgph-MDssq~qS5bE0L8Q8zCS4DPFtrtCHhzhwMA4EawQVZs2EIMtrkpriojmqgJJ1-XZ1ZPYbm-ITQIMcRiMO~AmsVLsz09AACAr0YP-iwl7SMq2aRiFiPzAx~REms7LPoGsnDve-Mtujq45Frm5~4gEL7PqTy~DBBUEHUQm9tnKUWOJobwjEhXph-vCpF3mBF3RL6PKeu8xPHB-kH-nVc7XjnlBMPCXby> <http://beststarsoffers.click/track/3Kujob83181wfcV290msbyxcunjk2100ZCHLGXWHLPZIBKK82267SWLS380J9>
                      Attachments:
                          Key: Value
                          Received: from foryouthealth.click (23.228.85.251) by mail2.eem.pt (10.0.0.22)
                          Mailbox Transport; Wed, 9 Oct 2024 14:47:49 +0100
                          Oct 2024 14:47:48 +0100
                          2024 14:47:48 +0100
                          DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=smtp; d=foryouthealth.click;
                          h=Date:Sender:Message-Id:To:From:Subject:Content-Type:Mime-Version:Content-Transfer-Encoding; i=contact@foryouthealth.click;
                          DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=smtp; d=foryouthealth.click;
                          Date: Wed, 09 Oct 2024 13:47:47 +0000
                          Sender: contact@foryouthealth.click
                          Message-Id: <570092613701874.0.HIF2743411527@foryouthealth.click>
                          To: fireis@eem.pt
                          From: *Mensagem da Leroy Merlin* <Leroy-Merlin-iyh@foryouthealth.click>
                          Subject: Temos uma surpresa para os clientes da Leroy Merlin. ????
                          Content-Type: multipart/alternative; boundary="=-PmNI27j2jIG7In12X70IJQ=="
                          Mime-Version: 1.0
                          Content-Transfer-Encoding: 8bit
                          Return-Path: ciguw@foryouthealth.click
                          X-MS-Exchange-Organization-Network-Message-Id: 7a732a7d-d575-40b7-4aa9-08dce868f651
                          X-MS-Exchange-Organization-PRD: foryouthealth.click
                          X-MS-Exchange-Organization-SenderIdResult: Pass
                          Received-SPF: Pass (SRV-MAIL01.eem.local: domain of
                          X-MS-Exchange-Organization-SCL: 5
                          X-MS-Exchange-Organization-PCL: 2
                          X-MS-Exchange-Organization-Antispam-Report: DV:3.3.5705.600;SID:SenderIDStatus
                          Pass;OrigIP: 23.228.85.251
                          X-MS-Exchange-Organization-AuthSource: SRV-MAIL02.eem.local
                          X-MS-Exchange-Organization-AuthAs: Anonymous
                          X-MS-Exchange-Transport-EndToEndLatency: 00:00:01.1248004
                          X-MS-Exchange-Processed-By-BccFoldering: 15.01.2507.039
                          date: Wed, 09 Oct 2024 15:47:47 +0200

                        Icon Hash:c4e1928eacb280a2
                          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                          Oct 10, 2024 12:35:44.203676939 CEST | 1.1.1.1 | 192.168.2.7 | 0xd7b1 | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net | (none) | CNAME (Canonical name) | IN (0x0001) | false
                          Oct 10, 2024 12:35:44.203676939 CEST | 1.1.1.1 | 192.168.2.7 | 0xd7b1 | No error (0) | s-part-0017.t-0009.t-msedge.net | (none) | 13.107.246.45 | A (IP address) | IN (0x0001) | false

                        Target ID:0
                        Start time:06:35:48
                        Start date:10/10/2024
                        Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        Wow64 process (32bit):true
                        Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Temos uma surpresa para os clientes da Leroy Merlin. .msg"
                        Imagebase:0x750000
                        File size:34'446'744 bytes
                        MD5 hash:91A5292942864110ED734005B7E005C0
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:false

                        Target ID:3
                        Start time:06:35:52
                        Start date:10/10/2024
                        Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "BEB119B5-D86C-4802-948C-787B5455079F" "029AA1C0-AF2B-48AF-BA14-F2B0B640E484" "8016" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                        Imagebase:0x7ff7f2920000
                        File size:710'048 bytes
                        MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:false

                        No disassembly