Windows Analysis Report
OriginatingEmail (77).eml

Overview

General Information

Sample name: OriginatingEmail (77).eml
Analysis ID: 1531482
MD5: ef239d93bc6d36a643beefd8a8a49523
SHA1: b2999f48c1de349670245bbf8614524426be8ada
SHA256: 282c304a31feea3a3b1ea0e276cc527287002d3026db0191503940e1233d4ec0
Infos:

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)

Classification

  • System is w10x64
  • OUTLOOK.EXE (PID: 1496 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\OriginatingEmail (77).eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 1272 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "D1489F13-FA13-4908-851B-3753E854F971" "406C240C-67B3-4ABA-8517-E28F66F2FB8D" "1496" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set - Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 1496, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched


Source: unknown - DNS traffic detected: query: 206.23.85.13.in-addr.arpa replaycode: Name error (3)
Source: unknown - UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: ~WRS{81391E92-C479-4B39-9CDE-2150CBB672E7}.tmp.0.dr - String found in binary or memory: HYPERLINK "https://www.linkedin.com/company/automated-building-controls-group/" \t "_blank" equals www.linkedin.com (Linkedin)
Source: OriginatingEmail (77).eml - String found in binary or memory: ertical-align:top;"><a href=3D"https://www.linkedin.com/company/automated-b= equals www.linkedin.com (Linkedin)
Source: global traffic - DNS traffic detected: DNS query: 206.23.85.13.in-addr.arpa
Source: OriginatingEmail (77).eml, ~WRS{81391E92-C479-4B39-9CDE-2150CBB672E7}.tmp.0.dr - String found in binary or memory: http://www.abec.co.uk/
Source: OriginatingEmail (77).eml - String found in binary or memory: https://app-uk.bitdam.com/api/v1.0/links/rewrite_cl=
Source: OriginatingEmail (77).eml - String found in binary or memory: https://app-uk.bitdam.com/api/v1.0/links/rewrite_click/?rewrite_=
Source: ~WRS{81391E92-C479-4B39-9CDE-2150CBB672E7}.tmp.0.dr - String found in binary or memory: https://app-uk.bitdam.com/api/v1.0/links/rewrite_click/?rewrite_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUz
Source: OriginatingEmail (77).eml - String found in binary or memory: https://my.control=
Source: OriginatingEmail (77).eml - String found in binary or memory: https://my.controlaccount.c=
Source: ~WRS{81391E92-C479-4B39-9CDE-2150CBB672E7}.tmp.0.dr - String found in binary or memory: https://my.controlaccount.com
Source: ~WRS{81391E92-C479-4B39-9CDE-2150CBB672E7}.tmp.0.dr - String found in binary or memory: https://my.controlaccount.com?web-chat=1
Source: OriginatingEmail (77).eml - String found in binary or memory: https://my.controlaccount.com?web-chat=3D1
Source: 42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drString found in binary or memory: https://store.office.cn/addinstemplate
Source: 42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drString found in binary or memory: https://store.office.de/addinstemplate
Source: 42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drString found in binary or memory: https://substrate.office.com
Source: 42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: 42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: 42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: 42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drString found in binary or memory: https://tasks.office.com
Source: 42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drString found in binary or memory: https://templatesmetadata.office.net/
Source: OriginatingEmail (77).eml, ~WRS{81391E92-C479-4B39-9CDE-2150CBB672E7}.tmp.0.dr | String found in binary or memory: https://twitter.com/abec_uk
Source: OriginatingEmail (77).eml, ~WRS{81391E92-C479-4B39-9CDE-2150CBB672E7}.tmp.0.dr | String found in binary or memory: https://www.abec.co.uk/gdpr
Source: OriginatingEmail (77).eml | String found in binary or memory: https://www.linkedin.com/company/automated-b=
Source: ~WRS{81391E92-C479-4B39-9CDE-2150CBB672E7}.tmp.0.dr | String found in binary or memory: https://www.linkedin.com/company/automated-building-controls-group/
Source: OriginatingEmail (77).eml | String found in binary or memory: https://www.mailcontrol.com/sr/3TVNCrdngHXGX2PQPOmvUuccc-J3Pw4GdCwoLZMwPnIyxT_JCZOKepqfyJOg8rr_vnU59
Source: classification engine | Classification label: clean1.winEML@3/27@1/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241011T0342130792-1496.etl
Source: unknown | Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\OriginatingEmail (77).eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "D1489F13-FA13-4908-851B-3753E854F971" "406C240C-67B3-4ABA-8517-E28F66F2FB8D" "1496" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Window found: window name: SysTabControl32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE | Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Behavior Graph ID: 1531482 | Sample: OriginatingEmail (77).eml | Startdate: 11/10/2024 | Architecture: WINDOWS | Score: 1
Behavior graph (image not preserved): OUTLOOK.EXE started ai.exe; DNS/IP node: 206.23.85.13.in-addr.arpa

No Antivirus matches
Source | Detection | Scanner | Label | Link
206.23.85.13.in-addr.arpa | 1% | Virustotal | | Browse
Source | Detection | Scanner | Label | Link
https://www.abec.co.uk/gdpr | 0% | Virustotal | | Browse
http://www.abec.co.uk/ | 0% | Virustotal | | Browse
https://my.microsoftpersonalcontent.com | 0% | Virustotal | | Browse
https://www.linkedin.com/company/automated-building-controls-group/ | 0% | Virustotal | | Browse
https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false | 1% | Virustotal | | Browse
https://otelrules.svc.static.microsoft | 0% | Virustotal | | Browse
https://api.microsoftstream.com/api/ | 0% | Virustotal | | Browse
https://outlook.office.com/autosuggest/api/v1/init?cvid= | 0% | Virustotal | | Browse
https://d.docs.live.net | 0% | Virustotal | | Browse
Name | IP | Active | Malicious | Antivirus Detection | Reputation
206.23.85.13.in-addr.arpa | unknown | unknown | false | | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://www.abec.co.uk/gdpr | OriginatingEmail (77).eml, ~WRS{81391E92-C479-4B39-9CDE-2150CBB672E7}.tmp.0.dr | false | | unknown
http://www.abec.co.uk/OriginatingEmail (77).eml, ~WRS{81391E92-C479-4B39-9CDE-2150CBB672E7}.tmp.0.drfalseunknown
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
    unknown
    https://messagebroker.mobile.m365.svc.cloud.microsoft42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
    • URL Reputation: safe
    unknown
    https://otelrules.svc.static.microsoft42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalseunknown
    https://portal.office.com/account/?ref=ClientMeControl42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
    • URL Reputation: safe
    unknown
    https://clients.config.office.net/c2r/v1.0/DeltaAdvisory42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
    • URL Reputation: safe
    unknown
    https://edge.skype.com/registrar/prod42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
    • URL Reputation: safe
    unknown
    https://graph.ppe.windows.net42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
    • URL Reputation: safe
    unknown
    https://res.getmicrosoftkey.com/api/redemptionevents42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
    • URL Reputation: safe
    unknown
    https://powerlift-frontdesk.acompli.net42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
    • URL Reputation: safe
    unknown
    https://tasks.office.com42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
    • URL Reputation: safe
    unknown
    https://officeci.azurewebsites.net/api/42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
    • URL Reputation: safe
    unknown
    https://sr.outlook.office.net/ws/speech/recognize/assistant/work42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
    • URL Reputation: safe
    unknown
    https://api.scheduler.42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
    • URL Reputation: safe
    unknown
    https://my.microsoftpersonalcontent.com42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalseunknown
    https://store.office.cn/addinstemplate42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
    • URL Reputation: safe
    unknown
    https://api.aadrm.com42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
    • URL Reputation: safe
    unknown
    https://app-uk.bitdam.com/api/v1.0/links/rewrite_click/?rewrite_=OriginatingEmail (77).emlfalse
      unknown
      https://edge.skype.com/rps42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
      • URL Reputation: safe
      unknown
      https://outlook.office.com/autosuggest/api/v1/init?cvid=42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalseunknown
      https://globaldisco.crm.dynamics.com42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
      • URL Reputation: safe
      unknown
      https://messaging.engagement.office.com/42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
      • URL Reputation: safe
      unknown
      https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
      • URL Reputation: safe
      unknown
      https://dev0-api.acompli.net/autodetect42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
      • URL Reputation: safe
      unknown
      https://www.odwebp.svc.ms42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
      • URL Reputation: safe
      unknown
      https://api.diagnosticssdf.office.com/v2/feedback42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
      • URL Reputation: safe
      unknown
      https://api.powerbi.com/v1.0/myorg/groups42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
      • URL Reputation: safe
      unknown
      https://web.microsoftstream.com/video/42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
      • URL Reputation: safe
      unknown
      https://api.addins.store.officeppe.com/addinstemplate42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
      • URL Reputation: safe
      unknown
      https://graph.windows.net42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
      • URL Reputation: safe
      unknown
      https://www.linkedin.com/company/automated-building-controls-group/~WRS{81391E92-C479-4B39-9CDE-2150CBB672E7}.tmp.0.drfalseunknown
      https://dataservice.o365filtering.com/42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
      • URL Reputation: safe
      unknown
      https://officesetup.getmicrosoftkey.com42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
      • URL Reputation: safe
      unknown
      https://analysis.windows.net/powerbi/api42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
      • URL Reputation: safe
      unknown
      https://prod-global-autodetect.acompli.net/autodetect42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
      • URL Reputation: safe
      unknown
      https://substrate.office.com42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
      • URL Reputation: safe
      unknown
      https://outlook.office365.com/autodiscover/autodiscover.json42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
      • URL Reputation: safe
      unknown
      https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
      • URL Reputation: safe
      unknown
      https://consent.config.office.com/consentcheckin/v1.0/consents42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
      • URL Reputation: safe
      unknown
      https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
      • URL Reputation: safe
      unknown
      https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
      • URL Reputation: safe
      unknown
      https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
      • URL Reputation: safe
      unknown
      https://d.docs.live.net42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalseunknown
      https://safelinks.protection.outlook.com/api/GetPolicy42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
      • URL Reputation: safe
      unknown
      https://ncus.contentsync.42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
      • URL Reputation: safe
      unknown
      https://my.controlaccount.c=OriginatingEmail (77).emlfalse
        unknown
        https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalseunknown
        https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
        • URL Reputation: safe
        unknown
        http://weather.service.msn.com/data.aspx42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
        • URL Reputation: safe
        unknown
        https://apis.live.net/v5.0/42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
        • URL Reputation: safe
        unknown
        https://officepyservice.office.net/service.functionality42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
        • URL Reputation: safe
        unknown
        https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
        • URL Reputation: safe
        unknown
        https://templatesmetadata.office.net/42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
        • URL Reputation: safe
        unknown
        https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
        • URL Reputation: safe
        unknown
        https://messaging.lifecycle.office.com/42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
        • URL Reputation: safe
        unknown
        https://my.control=OriginatingEmail (77).emlfalse
          unknown
          https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
          • URL Reputation: safe
          unknown
          https://mss.office.com42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
          • URL Reputation: safe
          unknown
          https://pushchannel.1drv.ms42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
          • URL Reputation: safe
          unknown
          https://management.azure.com42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
          • URL Reputation: safe
          unknown
          https://outlook.office365.com42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
          • URL Reputation: safe
          unknown
          https://wus2.contentsync.42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
          • URL Reputation: safe
          unknown
          https://incidents.diagnostics.office.com42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
          • URL Reputation: safe
          unknown
          https://clients.config.office.net/user/v1.0/ios42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
          • URL Reputation: safe
          unknown
          https://make.powerautomate.com42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
          • URL Reputation: safe
          unknown
          https://api.addins.omex.office.net/api/addins/search42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
          • URL Reputation: safe
          unknown
          https://insertmedia.bing.office.net/odc/insertmedia42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
          • URL Reputation: safe
          unknown
          https://outlook.office365.com/api/v1.0/me/Activities42B2DFAE-6B42-4D9D-AEC3-76F2DDD3096B.0.drfalse
          • URL Reputation: safe
          unknown
          No contacted IP infos
          Joe Sandbox version:41.0.0 Charoite
          Analysis ID:1531482
          Start date and time:2024-10-11 09:41:16 +02:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 4m 27s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:6
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Sample name:OriginatingEmail (77).eml
          Detection:CLEAN
          Classification:clean1.winEML@3/27@1/0
          EGA Information:Failed
          HCA Information:
          • Successful, ratio: 100%
          • Number of executed functions: 0
          • Number of non-executed functions: 0
          Cookbook Comments:
          • Found application associated with file extension: .eml
          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 52.109.32.97, 52.113.194.132, 2.19.74.158, 52.109.68.129, 2.19.126.136, 2.19.126.160, 52.109.32.47, 52.109.32.39, 52.109.32.38, 52.109.32.46, 40.79.150.121
          • Excluded domains from analysis (whitelisted): omex.cdn.office.net, slscr.update.microsoft.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, eur.roaming1.live.com.akadns.net, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, onedscolprdfrc05.francecentral.cloudapp.azure.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, frc-azsc-000.roaming.officeapps.live.com, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, prod.fs.microsoft.com.akadns.net, a1864.dscd.akamai.net, ecs.office.com, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, osiprod-frc-buff-azsc-000.francecentral.cloudapp.azure.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, prod1.naturallanguageeditorservice.osi.office.net.akadns.net, nleditor.osi.office.net, prod-eu-resolver.naturallanguageeditorservice.osi.office
          • Report size getting too big, too many NtQueryAttributesFile calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.
          • Report size getting too big, too many NtReadVirtualMemory calls found.
          No simulations
          No context
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):231348
          Entropy (8bit):4.3961746767641925
          Encrypted:false
          SSDEEP:1536:TyYLTwgsycAeOYZEAgsUvNcAz79ysQqt2of6/qoQX5rcm0FvY40fy49yUQkx14cd:d8gqhNgxmiGu2NqoQJrt0FvfLQsVVM0c
          MD5:1E1D4356B2D2F700BAA63CC430D198D0
          SHA1:7F6907C5F5BBF0D15FA49359E292A599C263C4F8
          SHA-256:1653768ECF79EAA9324E48E37D1696C88F57CF57F915C5B3495DEEA5232E08AA
          SHA-512:9116ACA1033E2498AFAB0F927ED9775215371C237CC75F0ECBA7136C67292A544151208EC4334E6A41E6D8220D6EC3794BA706815A5CE6A458D78AD2A61E85E4
          Malicious:false
          Reputation:low
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators
          Category:dropped
          Size (bytes):1869
          Entropy (8bit):5.09206274813201
          Encrypted:false
          SSDEEP:48:cGtdypdSyrvnzy7SymJdyDdydASyNdyrwnzyrMdnzyDkSyrXnzyO:lEpdbT27bwEDEdAbNEs2Yd2IbT2O
          MD5:B4197C1DE59822D922ED75BF4D3FFB0D
          SHA1:1C3519CC6BE12DC3C88151758EDDAB394F193971
          SHA-256:937B55F64C13F9EDA39646C04165B9BEFE3DF00EEB66C7A1E00684BCEDB9D4A7
          SHA-512:48C6AB6566435854A75CFD6544AF3477AD3A9D0495F54E374B81660EB5DC1ABD3B9961067AF860D2230CB8A4FC93709F415B952A787D38E983A0E91C44ED3CED
          Malicious:false
          Reputation:low
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:JSON data
          Category:dropped
          Size (bytes):521377
          Entropy (8bit):4.9084889265453135
          Encrypted:false
          SSDEEP:3072:gdTb5Sb3F2FqSrfZm+CnQsbzxZO7aYb6f5780K2:wb5q3umBnzT
          MD5:C37972CBD8748E2CA6DA205839B16444
          SHA1:9834B46ACF560146DD7EE9086DB6019FBAC13B4E
          SHA-256:D4CFBB0E8B9D3E36ECE921B9B51BD37EF1D3195A9CFA1C4586AEA200EB3434A7
          SHA-512:02B4D134F84122B6EE9A304D79745A003E71803C354FB01BAF986BD15E3BA57BA5EF167CC444ED67B9BA5964FF5922C50E2E92A8A09862059852ECD9CEF1A900
          Malicious:false
          Reputation:moderate, very likely benign file
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_40RegularVersion 4.40;O365
          Category:dropped
          Size (bytes):773040
          Entropy (8bit):6.55939673749297
          Encrypted:false
          SSDEEP:12288:Zn84XULLDs51UJQSOf9VvLXHyheIQ47gEFGHtAgk3+/cLQ/zhm1kjFKy6Nyjbqq+:N8XPDs5+ivOXgo1kYvyz2
          MD5:4296A064B917926682E7EED650D4A745
          SHA1:3953A6AA9100F652A6CA533C2E05895E52343718
          SHA-256:E04E41C74D6C78213BA1588BACEE64B42C0EDECE85224C474A714F39960D8083
          SHA-512:A25388DDCE58D9F06716C0F0BDF2AEFA7F68EBCA7171077533AF4A9BE99A08E3DCD8DFE1A278B7AA5DE65DA9F32501B4B0B0ECAB51F9AF0F12A3A8A75363FF2C
          Malicious:false
          Reputation:moderate, very likely benign file
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:ASCII text, with very long lines (65536), with no line terminators
          Category:dropped
          Size (bytes):322260
          Entropy (8bit):4.000299760592446
          Encrypted:false
          SSDEEP:6144:dztCFLNyoAHq5Rv2SCtUTnRe4N2+A/3oKBL37GZbTSB+pMZIrh:HMLgvKz9CtgRemO3oUHi3SBSMZIl
          MD5:CC90D669144261B198DEAD45AA266572
          SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
          SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
          SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
          Malicious:false
          Reputation:high, very likely benign file
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):10
          Entropy (8bit):2.8464393446710154
          Encrypted:false
          SSDEEP:3:LNTWu:hTD
          MD5:F1F30D9E49F8CDC0ECB0DB03EE949160
          SHA1:2387F15EEC47AE3D3E67F366603CDBD6B0BC247F
          SHA-256:2C9526D9285D3EF4562707F439788CE8DC9AC0B6F95FC9E8251215EDA3F90B53
          SHA-512:D00F7D7DD6C8B496BAE7534B62798FFED43C92D7E65FE98129EA7534A495F11CAA38B21E576E3D3B50DFA20E6443CE95B4BA35DF9E0E9821FE74B2902E2BA371
          Malicious:false
          Preview:1728632542
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
          Category:dropped
          Size (bytes):177810
          Entropy (8bit):5.287202639248981
          Encrypted:false
          SSDEEP:1536:Ai2XfRAqcbH41gwEwLe7HW8bM/o/NMdcAZl1p5ihs7EXXPEAD2Odavo:VCe7HW8bM/o/TXsk4o
          MD5:BBBAA8C395560E82634D3E6BA8D72D7F
          SHA1:DEEBF5FA1DB34860AFB4DDF468D5F2F188DD828E
          SHA-256:5958AAA9A5F1789BEF267F12595632CAE8C22F95311EEF1AA8370AB78D954F21
          SHA-512:84805462E77C8C10F97FE27F1A85668FF84D6C77D86159FB6A9A7FF1F70459C3A3D269F5B9EDD51865E37A3E1408C8D7783F41EC09530DC5326FFD250512F070
          Malicious:false
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:SQLite 3.x database, last written using SQLite version 3034001, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
          Category:dropped
          Size (bytes):4096
          Entropy (8bit):0.09304735440217722
          Encrypted:false
          SSDEEP:3:lSWFN3l/klslpEl9Xll:l9F8E+9
          MD5:D0DE7DB24F7B0C0FE636B34E253F1562
          SHA1:6EF2957FDEDDC3EB84974F136C22E39553287B80
          SHA-256:B6DC74E4A39FFA38ED8C93D58AADEB7E7A0674DAC1152AF413E9DA7313ADE6ED
          SHA-512:42D00510CD9771CE63D44991EA10C10C8FBCF69DF08819D60B7F8E7B0F9B1D385AE26912C847A024D1D127EC098904784147218869AE8D2050BCE9B306DB2DDE
          Malicious:false
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:SQLite Rollback Journal
          Category:dropped
          Size (bytes):4616
          Entropy (8bit):0.1384465837476566
          Encrypted:false
          SSDEEP:3:7FEG2l++YQ4/FllkpMRgSWbNFl/sl+ltlslN04l9XllHw:7+/lBDgg9bNFlEs1E39fw
          MD5:03EC1266310BD8CF2F5B28826A790D74
          SHA1:25E54FC4C575A63DCBF8373E1825152F96C4938A
          SHA-256:37EB8DD2589D16FE442CC260654D900F71D4EB22ACFA0A3D68B6DF71CFA5F673
          SHA-512:01A8EDEBE2E3AF82B764B9CEA0194D58972C7D962D1C28B34CC5DAD8AB72A4A613A584092F76C351017A2D8DC6BE17413BE0667FA7D10C7C00E1FD4746A333DF
          Malicious:false
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):32768
          Entropy (8bit):0.0441720588658491
          Encrypted:false
          SSDEEP:3:G4l21b/CKLVbOSl21b/CKLVbOUlWlL9//Xlvlll1lllwlvlllglbXdbllAlldl+l:G4l2NhhbOSl2NhhbOU0L9XXPH4l942U
          MD5:26D309CED7B62CF63FEDBEB419778CA6
          SHA1:5C94CC4A1AA77F473B341243B26037FAFCF0F7AE
          SHA-256:991BA4F470B11E951C8A25FA9FF7C3F38B19563229601F029B0A3EA2A40D40EA
          SHA-512:38BBD26FF891D44CDD6779E83A170391010B3EF54957088B7A4A820B88FEFDCBF998E95533BF380E088CC5C948E866110E4FABF5CB7A27D910B90C8232D2D645
          Malicious:false
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:SQLite Write-Ahead Log, version 3007000
          Category:dropped
          Size (bytes):45352
          Entropy (8bit):0.3956682843292123
          Encrypted:false
          SSDEEP:24:KHQlMjQMIzRDKVill7DBtDi4kZERD/RTxqt8VtbDBtDi4kZERDyTTLc:kyMjQjsill7DYMlTxO8VFDYMuT
          MD5:CCB02D54C7F546954A4696FB6F2A1640
          SHA1:415BD2827D0783284528253B18E3340D53B6AF7A
          SHA-256:20B9F7F19F9E964676BAFFE30194124C48D98DB148084FA7497A5D84D965896C
          SHA-512:4D73BF8E8F7B961C8835A2AE413B8C3F36713AB4A613A71037992B34FD4D36B2866ED141D7AB08CD266006C241C8A879309ADEFD210939FD08EB7D897FFCCC24
          Malicious:false
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:PNG image data, 864 x 280, 8-bit/color RGB, non-interlaced
          Category:dropped
          Size (bytes):63760
          Entropy (8bit):7.980476259600314
          Encrypted:false
          SSDEEP:1536:bG3alTpZwLvCFDDnCWjOHtmeFRm8VxBV91bipnzt7WxB:ialoTQCWjON2IxBfViVZgB
          MD5:BDF7371DE88198635E6B95235AD7D78F
          SHA1:F8470A90DB0DF46E7B3F9566279D85D0BDFFDAAF
          SHA-256:1A0128B51FD3AE8ED72B5F195C5FFF52D86F32E96869BA22F609396CFAE9B1BD
          SHA-512:144981DF8254EAC8AFAF1177D9D45BE9F0FB7365FC189D0DD4A0A437063275B6FB74954FC9D0E18DDB1C613C43895FE453F05DBBE39637E4E2601CEBF9F44048
          Malicious:false
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
          Category:dropped
          Size (bytes):642
          Entropy (8bit):7.320317661286532
          Encrypted:false
          SSDEEP:12:6v/7i/CAQ267HqKl+fXofBJ95+vOVUi0UuezGBbR9kaXA6Lq217:RuuKl+Qfr95SOWezGBb5Ao
          MD5:D586674D60440234B9A78D8AD6877AE1
          SHA1:6D223175E9CA5D42BA3D6B210C0F5BA952F3121C
          SHA-256:4469CEA3C8E960DD973B8FBFE8AAACEEB3FE27941AEF4A3A4714FCEB2D9C5081
          SHA-512:B2B06460563500D707E75DBB73517E47D88B94E700D5903DB67DEEF4D1434FE3CF532794201A3861EB71C3A716E00D7C32E5D092C2FAEFB9CC839A8E82BCD985
          Malicious:false
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
          Category:dropped
          Size (bytes):846
          Entropy (8bit):7.6481935848023594
          Encrypted:false
          SSDEEP:24:gAEQEnctIO3LF4iamzjY/P5PDfyhzZFo9:PTRx4ialfyhVu9
          MD5:6E8FB1C7C69AF09799C44E41EE084E65
          SHA1:51A0476244FDE2D40D662FC0EB2F13475F360CD0
          SHA-256:6A1DEE2D0274E3FE77C89D073BDF4385FE9A9B539296A1981AEAA5E230259A35
          SHA-512:C71905747708E10FE2D08E0841E43E74402947D690DE8AA71DE4A729D959D48C5903BE38334374BFE3D82926B7F1BD9F2E923034AA01E8B452A81F62AE8F2C1F
          Malicious:false
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
          Category:dropped
          Size (bytes):894
          Entropy (8bit):7.678169046837886
          Encrypted:false
          SSDEEP:24:51ig7SuOo+oUDyk/DUT9PTf2BxR7leXLA9:qg7RhsDyrT50wA9
          MD5:7177AE9389380A69EFE1949D606664C8
          SHA1:278D9595102B52A94A074CBBC59F42D0B1B4E4A9
          SHA-256:11E7B6D885EB5FF76CFEC7CD542BD7D35CA620CA9FC673A3F1D292DA6BDD56B6
          SHA-512:838A777B78FEAD27F94023853BC5ABBDFE10ACD57000FA93249AB3E4662A4A9F42FBD44CF4B5E96D194CF53B3DD234B143C3B99D63F5C93EB8A173FD794CEF14
          Malicious:false
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
          Category:dropped
          Size (bytes):1751
          Entropy (8bit):7.84614172224687
          Encrypted:false
          SSDEEP:48:jO1PaZ05WvyeYSppVGULiCaFsDfQ3cEGn6qB8YCDEaDt:61PaZfXjVGUeCPDo3cjRaDt
          MD5:1E7A08F4C3D87AAA820129726CA17623
          SHA1:C57D7ECB8C6059B934C16BAFF7A6C17A68391E05
          SHA-256:34B9A77563C8219EAD15490C89CB0A9EB21DE16D624DACC41A1820C533C1E320
          SHA-512:9ECCDB7720C5EDC13FFED5E920362C6760BCFC997DB5861065697A4F38891F8F8AA9D187EFDC3BE78DB921DB7CD9F948A332B58D76A077C13238A4288C969323
          Malicious:false
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:PNG image data, 64 x 64, 8-bit colormap, non-interlaced
          Category:dropped
          Size (bytes):2423
          Entropy (8bit):7.288239975125609
          Encrypted:false
          SSDEEP:48:qWZcaKOebBdLh50q0gAI3uIr/vy53xkrta4Hht/RjPdbpEoc:qWu/FD0ZI3uIrXy53xkRa4Bpj1EB
          MD5:FF1391F72B6DB6E1EC8DBAC322AB2632
          SHA1:A42C4C47A8C15DC51B86FFB9FE3E881015DBD8C7
          SHA-256:8B69770DF0114CFAE50FE7999D8FE53251EE248DA32A9F24C319BB08CCD96CCC
          SHA-512:D3722D83D31DA7D76DBDEDB58B787C4333963F3703BBB077421853D6886739A43E51AB907046CA2FE49AB4FC2ADA51BF1CEBFAC1CF5369003AC95D29EF011B01
          Malicious:false
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:PNG image data, 20 x 20, 8-bit/color RGBA, non-interlaced
          Category:dropped
          Size (bytes):675
          Entropy (8bit):7.530740196896574
          Encrypted:false
          SSDEEP:12:6v/7i/+u8JFUTHIHk+xq+K0vOZD3MhefAL1O3TxnJQga8+ZERcdtG2BfeeY:muS2YM902Fge4Lc3F++T0fA
          MD5:4335901732CFEF19F751A1AEFEA89A64
          SHA1:60C36B1C3494CB77F3AE01280B086D3426D44CC9
          SHA-256:9C8E780EF4D2A7A94984976154896A9E9B3DA7F754D4953F054BC3393100511E
          SHA-512:02260C4C74B925A9616DA2F30FDFAE35C1C700D0FAC2BA7A568E9663F90391815307756D8B2FEAD5DA2F6C174A4168E5C73E051A6017408AB9AC43F78E4E9D4D
          Malicious:false
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):19616
          Entropy (8bit):3.571173293865609
          Encrypted:false
          SSDEEP:384:JSgVKKaSTc1PVVVV+uK2cbD+RtEiZLj6SquOfwt3TkHUOff5NpjN54OffmNpjNhz:GSTc1XK2cbD+QW3SZjbM
          MD5:D5B00E4E2ACAE2C9E8C14984D0EC1275
          SHA1:3EF818F42D88702E9BF5AD9CEACC9FA339EDBB91
          SHA-256:B2693AAD91BA0118A304B9453562735F5491694D59B0862F8AD37BFF254EAEBB
          SHA-512:5A036AC5C32FC6C3C4856155AA22DED743E62E3C43EA1F1155B68E446D33AA065624E39075F29A33FE469125DAAFBDD3BE83B8D826759447B6F2A1C337F2B472
          Malicious:false
          Preview:....H.i. .g.u.y.s.,. .....C.o.u.l.d. .y.o.u. .p.l.e.a.s.e. .c.o.n.f.i.r.m. .i.f. .t.h.i.s. .i.s. .a. .p.h.i.s.h.i.n.g. .e.m.a.i.l.......T.h.a.n.k.s.,. .....E.n.q.u.i.r.i.e.s.. . . . ........E.m.a.i.l.:...H.Y.P.E.R.L.I.N.K. .".m.a.i.l.t.o.:.e.n.q.u.i.r.i.e.s.@.a.b.e.c...c.o...u.k.". .\.t. ."._.b.l.a.n.k.".................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................$..$.If....:V.......t.....6......4........4........a....*...$..$.If........!v..h.#v....:V.......t.....6......5.......4
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:ASCII text, with very long lines (28727), with CRLF line terminators
          Category:dropped
          Size (bytes):20971520
          Entropy (8bit):0.1823748887341617
          Encrypted:false
          SSDEEP:1536:L/uiUqnLeMTg9aSJsT9thNQLRJ6u0UPOOhIrQrN6D8r11AAdjiOo3o4Vb06u1K3m:k6LB6aSspKJ2X
          MD5:E497D8160510579DF93AB68917734D9B
          SHA1:48BCDEAB387C3C9870D47B6253E5215D95C3A94F
          SHA-256:E20F0A6D08ED204224BD3ACD3E61BF0A61879FB475BA9BE4F7740209DB5682EF
          SHA-512:A75075C03DBC1B89CFA25FC8E35FCF1A9154559F34397382D3C8BD84B2718E304867BB9A94D4291FDA2AD142CE323233B9E7A3A49CCB8C314BE5323B8127706F
          Malicious:false
          Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/11/2024 07:42:14.182.OUTLOOK (0x5D8).0x7E4.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":21,"Time":"2024-10-11T07:42:14.182Z","Contract":"Office.System.Activity","Activity.CV":"cp0oqjsEIEyBycjXR9lRFw.4.9","Activity.Duration":12,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...10/11/2024 07:42:14.214.OUTLOOK (0x5D8).0x7E4.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":23,"Time":"2024-10-11T07:42:14.214Z","Contract":"Office.System.Activity","Activity.CV":"cp0oqjsEIEyBycjXR9lRFw.4.10","Activity.Duration":26385,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorVersi
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):20971520
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:3::
          MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
          SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
          SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
          SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
          Malicious:false
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):106496
          Entropy (8bit):4.511940820153542
          Encrypted:false
          SSDEEP:768:vJXzOHVYTjfxad5Pms4c709/Arkv5DXVxH/tn9WLWhxWvWL:vO4m09/AgBDXV3/p
          MD5:55486EA518FC4C33A324EE6101C6FAF1
          SHA1:999E470704299B3267920F94504D4C8FB0FA83CD
          SHA-256:D368773F7726A22EF31FBBFB28AA541AA6ABFD8387137426D8FB4AF262B20646
          SHA-512:E9E652824C88B109EAAAD1E91E373B5475E5BEB39A972DFA96A0BF17F126731D2ADB5E4700C3343C2E871F75AAA5F78F6237C3C93CEBE3F1F048938988F0AEDE
          Malicious:false
          Preview:............................................................................b.............{.....................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...........................................................@.................{.............v.2._.O.U.T.L.O.O.K.:.5.d.8.:.f.5.f.8.a.f.a.5.8.1.a.0.4.8.e.9.b.b.c.5.8.d.3.6.5.1.4.f.a.c.2.7...C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.0.1.1.T.0.3.4.2.1.3.0.7.9.2.-.1.4.9.6...e.t.l.............P.P...........~.....................................................................................................................................................................................................................................................................................................
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):30
          Entropy (8bit):1.2389205950315936
          Encrypted:false
          SSDEEP:3:enml7tt:enmr
          MD5:3C054A0CAE2D7259678EA7316DF206A4
          SHA1:83F8AA16E7B7D00A6F05152835A3FCE1287F1B54
          SHA-256:04C6301765F369B206839702DF331C046E67B4E7309A1B03A059B6E9A08C2181
          SHA-512:FDA6C5FC9E4346E1417EB14C9C52DD28EFEB06315B801E8F2089659EA026335464B5662960A9557ED3A0485A3D3D7AAEEAC555D460D5D51D63ABE3C686E8EEBB
          Malicious:false
          Preview:....iB........................
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:Composite Document File V2 Document, Cannot read section info
          Category:dropped
          Size (bytes):16384
          Entropy (8bit):0.6701025269546834
          Encrypted:false
          SSDEEP:12:rl3baFtqLKeTy2MyheC8T23BMyhe+S7wzQP9zNMyhe+S7xMyheCN9vm:rBmnq1Py961N9+
          MD5:1FD41EF17296708CA085528FD1D552C7
          SHA1:487CB7A341DC23C21FE5C93CFAEE3EB2F644FDEF
          SHA-256:F3589097E8E7FEA87491B8F674CBA79D5D3DA522F8DB45B0C1485AA967E286A6
          SHA-512:226E238B51533B32FE143E0F40C4A543507DE47C11CC0C7F98B75958FD0EB754FDD6D4C047A27B443E6FBDE4DDEA5ACFE599DA5C4567FEFB744D7E9242730710
          Malicious:false
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
          Category:modified
          Size (bytes):18
          Entropy (8bit):2.836591668108979
          Encrypted:false
          SSDEEP:3:QETlbol9:QEiv
          MD5:5FFBAD261CA1D087BDEA2DAA185561A0
          SHA1:A961E6EBC140F64BC9CBD47EB820DF77764969AB
          SHA-256:2FFE94EBE8D67CD72EE7F1D088DA8AC1B6BA2EBAB80463CC38AC10617ADF933B
          SHA-512:DE56BFA3EF7EB40E7D40CCEC2A99795CEEEB708F7D2E47520A6F82AAC3A72D69F4887BF3C515FB0C0136AF6D04DC90E4CBF4A704E13561EC3171373ABAE1D73A
          Malicious:false
          Preview:..a.l.f.o.n.s.....
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:Microsoft Outlook email folder (>=2003)
          Category:dropped
          Size (bytes):271360
          Entropy (8bit):5.589085575493587
          Encrypted:false
          SSDEEP:3072:v8duQxemQDHD+1nq7PhbpuHp5ng4IrgVkjaYpRp9Ws9p9:vTEemQDHD+1nq7Phbp4s40gVkj/Tn9
          MD5:4CBCA7212C9403F411AC6706C02817DE
          SHA1:E4FCFB988DFCEE87E7DDC12B983E65EB57A24E30
          SHA-256:9438D76006C4CFBF64DEC57FD283DB67070AC76A9C6D828A82267583E2480820
          SHA-512:4CEA36193C3486548C7C54BE1B005FCC7A369C884D346481F08EF9A8ECB685AA6FF3C68ADD3830B7D9F9292A5280062B6BFD2AFA0F6784DB3125E038B8682331
          Malicious:false
          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
          File Type:data
          Category:dropped
          Size (bytes):262144
          Entropy (8bit):5.091679654886046
          Encrypted:false
          SSDEEP:3072:JmMQDHD+1nq7Phs07OSuem5Cg4hrKVkPaCMp99:JmMQDHD+1nq7Phs07OSp44lKVkPIt
          MD5:C82B4B8F43A410F375B644A86147BEFC
          SHA1:7058522C011CC5409ABEDC84A161D1306BB86732
          SHA-256:D2E9AAB22903E914286F6DA7289C93B469F24A61C091E95F9289878214879C91
          SHA-512:3887F04CBFD9C5800A39208CE3874E722C19A76D845A3D5BEC92D255C37D3053445DFE6B7500CFE3CCF905F31A3CEA1CFB975035AF70721BC688EDB6450564D0
          Malicious:false
          File type:ASCII text, with very long lines (347), with CRLF line terminators
          Entropy (8bit):6.192032158810093
          TrID:
            File name:OriginatingEmail (77).eml
            File size:138'256 bytes
            MD5:ef239d93bc6d36a643beefd8a8a49523
            SHA1:b2999f48c1de349670245bbf8614524426be8ada
            SHA256:282c304a31feea3a3b1ea0e276cc527287002d3026db0191503940e1233d4ec0
            SHA512:a7a93c8f518a657b94d5a590f2b9ad2a776b231872b7660a26b1493a981d433c9f3cafe4c797fc04bea956286e5023fcc6c196c983ed7bcbc9b4431557ad2e5f
            SSDEEP:3072:Lj70RgvYBzVPiPUPsuWxEYiJeuh3HiuuWnoayqtng1oiYg4M3:Lj70RgvYlVKcTWxbiJeulBnoa5Zeo+t3
            TLSH:8FD3F03087109863557160F1F510FEA45298AFEDD23794D0B92FB0BA2CCE4BB6B5728E
            File Content Preview: 138242 octets..Return-Path: <helpdesk+SRS=NuamY=RG=abec.co.uk=enquiries@flywheel-it.co.uk>..X-Original-To: helpdesk.Flywheel-it.co.uk@email.uk.autotask.net..Delivered-To: catchall@email.uk.autotask.net..X-Autotask-To: helpdesk.Flywheel-it.co.uk@email.uk.
            Subject:FW: We require assistance on a DHL International (UK) Limited matter.
            From:Enquiries <enquiries@abec.co.uk>
            To:Flywheel IT Services - Helpdesk <helpdesk@flywheel-it.co.uk>
            Cc:
            BCC:
            Date:Thu, 10 Oct 2024 16:44:19 +0000
            Communications:
            • Hi guys, Could you please confirm if this is a phishing email. Thanks, Enquiries Email: enquiries@abec.co.uk | Head Office: Building & Energy Management Systems (BeMS), PMS, PLC & SCADA Specialists Head Office: Automated Building & Energy Controls Limited 7 Miller Court, Severn Drive, Tewkesbury Business Park, Tewkesbury, Gloucestershire, GL20 8DN T: 01684 853780 Regional Offices: London / Wokingham / Dublin / Qatar If you wish to view ABEC GDPR Policy then please click the following link - www.abec.co.uk/gdpr www.abec.co.uk
            • From: noreply@controlaccount.com <noreply@controlaccount.com> Sent: 10 October 2024 09:31 To: Enquiries <enquiries@abec.co.uk> Subject: We require assistance on a DHL International (UK) Limited matter. Importance: High Good Morning, DHL International (UK) Limited has appointed us to act on their behalf. An urgent matter requires your attention. To resolve this issue, please log on to our online customer portal at my.controlaccount.com <https://my.controlaccount.com> using your Controlaccount reference number 4187733 . From here you will be able to view latest status on the account we have for you, as well as download a statement, view invoices, and raise an enquiry. Get in touch [cid:image001.png@01DB1B3C.07A4A520] Manage your account here my.controlaccount.com <https://my.controlaccount.com> [cid:image002.png@01DB1B3C.07A4A520] Our web chat agents are available at my.controlaccount.com?web-chat=1 <https://my.controlaccount.com?web-chat=1> [cid:image003.png@01DB1B3C.07A4A520] Call us on 01527 386596 <tel:01527%20386596> - we're open from 8:30am to 5:30pm weekdays. This email has been sent from an unmonitored box, therefore any replies to this address will not be actioned. Control account www.controlaccount.com <https://app-uk.bitdam.com/api/v1.0/links/rewrite_click/?rewrite_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyZXdyaXRlX2lkIjoiNjcwNzkwYmRmNDUzNThhOGQ5YzM3YzkxIiwidXJsIjoiIiwib3JnYW5pemF0aW9uX2lkIjozMjk1MH0.Pc9ewGcK3EUH7dPDy5_K6XVSREHou-b3QBTjYXKNVTA&url=https%3A//www.controlaccount.com> [ca-logo] Part of the Broadriver Group Registered Office: Compass House, Waterside, Hanbury Rd, Bromsgrove, B60 4FD. Registered in England & Wales No: 2765607
            Attachments:
            • calogo
            • image001.png
            • image002.png
            • image003.png
            • image637270.png
            • image675402.png
            • image991256.png
            Key: Value
            Return-Path: <helpdesk+SRS=NuamY=RG=abec.co.uk=enquiries@flywheel-it.co.uk>
            X-Original-To: helpdesk.Flywheel-it.co.uk@email.uk.autotask.net
            Delivered-To: catchall@email.uk.autotask.net
            X-Autotask-To: helpdesk.Flywheel-it.co.uk@email.uk.autotask.net
            Received: from CWXP123MB4293.GBRP123.PROD.OUTLOOK.COM ([fe80::a966:994e:253a:9141]) by CWXP123MB4293.GBRP123.PROD.OUTLOOK.COM ([fe80::a966:994e:253a:9141%4]) with mapi id 15.20.8048.017; Thu, 10 Oct 2024 16:44:19 +0000
            Resent-Date: Thu, 10 Oct 2024 17:44:35 +0100
            Resent-Message-Id: <202410101644.49AGiYSC157466@rly11h.srv.mailcontrol.com>
            ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=oBNoirjGUnskcW26Xrrluz42PtTwaffUhvj19ec4weB1eTUW3tnEWB9KWxeK+IEUZ4hj79KK4Gq2C/D7Wi1G12VoeUiyD1eZ1rsTjRRGC03DrOsC8AJAaNOF6E9+68NpvJNw06aA3hBuGC6Y077+lyivDdtaGKv2CvHrH2dSN3Vs4pdIyAsjQvy3bkiBXuZ8UF6LE/1AtrUvsbIRUF7jZf6b3S25ZKXUKK/Piu2yZNWLSUW+DS3f6k4UCkkyp/IdC//NB8DaQnFEbPJ4smE6oYCC7f62jnqwtmPQ3oCaagexSH4IiDMOk6Y1nZk1e1hnHl7Z1bLD4rY9vOKh8P9img==
            ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=RQp460z98tBGn/MtHmT3Fhq4DLD2JAmqKV2TvCoQdJ4=; b=voIZE6oVIek7zoalR9HmhQmXt497fQdkAS0P/J4X+sYPyJH+bl+IxrE0r0WkUvDIr9Ny8p8kwVUYlKm4Dw+N7U81JWAIoDy9T/K7bUxCex33oLTGfSvdxQ74Y7R21emNUVqjZjpFJjDA0DY0URmpvsRCUKssZ4lmzj68n4PeKB7SAe0hmfWsT9PJTK+ItudKTQqN4OSu8JlOsH5HF0f1B6CXSEghrRS+v/07H+dABkyJ7IJbFjcHxZSLC2XosYKj/hZ0xW6SWczzaC9F2XO+whSiNIKQs0BJygoWoj6WO5uQ1hEy9I8R1gZoU4540xI7TKsMtkFWMO4wO2dP1cQHFg==
            ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 52.169.0.179) smtp.rcpttodomain=flywheel-it.co.uk smtp.mailfrom=abec.co.uk; dmarc=bestguesspass action=none header.from=abec.co.uk; dkim=none (message not signed); arc=none (0)
            DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=abecuk.onmicrosoft.com; s=selector2-abecuk-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RQp460z98tBGn/MtHmT3Fhq4DLD2JAmqKV2TvCoQdJ4=; b=RU9SWoyBI65r+42pU256LHhHSHmSGQ+lU+lLj94T1L16FiG1mmo/U2XIn2aWzCkv5meXTQF2q001vihZfHC9ewSfAIXQUQQzQ5INjvrQGeTkzBHLTPlPgfzoUIvkDqm3PgRhoq60xJZnWnu4JMItjR6Ba80npaCD1LZ3KIzLIhQ=
            Resent-From: helpdesk@flywheel-it.co.uk
            Authentication-Results: spf=pass (sender IP is 40.107.122.113) smtp.mailfrom=abec.co.uk; dkim=pass (signature was verified) header.d=abecuk.onmicrosoft.com;dmarc=bestguesspass action=none header.from=abec.co.uk;
            Received-SPF: Pass (protection.outlook.com: domain of abec.co.uk designates 52.169.0.179 as permitted sender) receiver=protection.outlook.com; client-ip=52.169.0.179; helo=eu2.smtp.exclaimer.net; pr=C
            X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 52.169.0.179) smtp.mailfrom=abec.co.uk; dkim=none (message not signed) header.d=none;dmarc=bestguesspass action=none header.from=abec.co.uk;
            X-ExclaimerHostedSignatures-MessageProcessed: true
            X-ExclaimerProxyLatency: 44401138
            X-ExclaimerImprintLatency: 39541589
            X-ExclaimerImprintAction: bd1d332170344609bc09cac6569ad97d
            From: Enquiries <enquiries@abec.co.uk>
            To: Flywheel IT Services - Helpdesk <helpdesk@flywheel-it.co.uk>
            Subject: FW: We require assistance on a DHL International (UK) Limited matter.
            Thread-Topic: We require assistance on a DHL International (UK) Limited matter.
            Thread-Index: AQHbGu6267xZ4BSzB02RI0F/l4VYNrKAMVJA
            Importance: high
            X-Priority: 1
            Date: Thu, 10 Oct 2024 16:44:19 +0000
            Message-ID: <CWXP123MB4293D6642F36A7591D74BC28DF782@CWXP123MB4293.GBRP123.PROD.OUTLOOK.COM>
            References: <202410100830.49A8U2Om005267@mail.authsmtp.com>
            In-Reply-To: <202410100830.49A8U2Om005267@mail.authsmtp.com>
            Accept-Language: en-US
            Content-Language: en-US
            X-MS-Has-Attach: yes
            X-MS-TNEF-Correlator:
            Authentication-Results-Original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=abec.co.uk;
            x-ms-exchange-messagesentrepresentingtype: 1
            x-ms-traffictypediagnostic: CWXP123MB4293:EE_|LO4P123MB6926:EE_|AMS0EPF00000195:EE_|LO2P123MB7417:EE_|CW2PEPF000056BE:EE_|LO4P123MB6725:EE_
            X-MS-Office365-Filtering-Correlation-Id: a42c530f-9b56-43f2-d26a-08dce94ad0a1
            X-MS-Exchange-SenderADCheck: 1
            X-MS-Exchange-AntiSpam-Relay: 0
            X-Microsoft-Antispam-Untrusted: BCL:0;ARA:13230040|30052699003|82310400026|35042699022|36860700013|376014|1800799024;
            X-Microsoft-Antispam-Message-Info-Original: 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
            X-Forefront-Antispam-Report-Untrusted: CIP:52.169.0.179;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:eu2.smtp.exclaimer.net;PTR:eu2.smtp.exclaimer.net;CAT:NONE;SFS:(13230040)(30052699003)(82310400026)(35042699022)(36860700013)(376014)(1800799024);DIR:OUT;SFP:1102;
            Content-Type: multipart/related; boundary="_007_CWXP123MB4293D6642F36A7591D74BC28DF782CWXP123MB4293GBRP_"; type="multipart/alternative"
            MIME-Version: 1.0
            X-MS-Exchange-Transport-CrossTenantHeadersStamped: LO4P123MB6725
            X-EOPAttributedMessage: 1
            X-MS-Exchange-Transport-CrossTenantHeadersStripped: CW2PEPF000056BE.GBRP265.PROD.OUTLOOK.COM
            X-MS-Office365-Filtering-Correlation-Id-Prvs: a82da32a-5b3f-46dd-8a83-08dce94acde7
            X-EOPTenantAttributedMessage: 64715364-923d-4f45-9445-58ecf245820d:0
            X-MS-Exchange-Transport-CrossTenantHeadersPromoted: CW2PEPF000056BE.GBRP265.PROD.OUTLOOK.COM
            X-MS-PublicTrafficType: Email
            X-LD-Processed64715364-923d-4f45-9445-58ecf245820d,ExtFwd
            X-MS-Exchange-AtpMessagePropertiesSA
            X-Microsoft-Antispam BCL:0;ARA:13230040|30052699003|48200799018|61400799027|376014|9140799003|35042699022;
            X-Microsoft-Antispam-Message-Info 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
            X-Forefront-Antispam-Report CIP:40.107.122.113;CTRY:GB;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GBR01-LO4-obe.outbound.protection.outlook.com;PTR:mail-lo4gbr01on2113.outbound.protection.outlook.com;CAT:NONE;SFS:(13230040)(30052699003)(48200799018)(61400799027)(376014)(9140799003)(35042699022);DIR:OUT;SFP:1102;
            X-ExternalRecipientOutboundConnectors64715364-923d-4f45-9445-58ecf245820d
            X-MS-Exchange-ForwardingLoop helpdesk@flywheel-it.co.uk;64715364-923d-4f45-9445-58ecf245820d
            X-OriginatorOrgflywheel-it.co.uk
            X-MS-Exchange-CrossTenant-OriginalArrivalTime10 Oct 2024 16:44:31.6573 (UTC)
            X-MS-Exchange-CrossTenant-Network-Message-Ida42c530f-9b56-43f2-d26a-08dce94ad0a1
            X-MS-Exchange-CrossTenant-Id64715364-923d-4f45-9445-58ecf245820d
            X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIpTenantId=d3b5e0c7-d966-4090-8867-1fadec49da99;Ip=[52.169.0.179];Helo=[eu2.smtp.exclaimer.net]
            X-MS-Exchange-CrossTenant-AuthSourceCW2PEPF000056BE.GBRP265.PROD.OUTLOOK.COM
            X-MS-Exchange-CrossTenant-AuthAsAnonymous
            X-MS-Exchange-CrossTenant-FromEntityHeaderInternet
            X-MailControlDKIMCheckcGFzcyBhYmVjdWsub25taWNyb3NvZnQuY29tIFtwYXNzXQ==
            X-Mailcontrol-InboundtcXnPOqwOO8eBua!Pp3ilO89EKmRIBS0zx4ervmPNlFUT4S4xXAc369IR2gf4MrDo4wE4oP6bSXmUf9hGF9DsRp5jwMVNGfKqrs8pPsRcwE=
            X-Spam-Score-1.5
            X-MailControl-ReportSpamhttps://www.mailcontrol.com/sr/3TVNCrdngHXGX2PQPOmvUuccc-J3Pw4GdCwoLZMwPnIyxT_JCZOKepqfyJOg8rr_vnU59C1DjSMYNBM7q0TQEQ==
            X-Scanned-ByMailControl 44278.2145 (www.mailcontrol.com) on 10.72.0.121

            Icon Hash:46070c0a8e0c67d6
            | Timestamp | Source Port | Dest Port | Source IP | Dest IP |
            |---|---|---|---|---|
            | Oct 11, 2024 09:42:37.522121906 CEST | 53 | 62054 | 162.159.36.2 | 192.168.2.5 |
            | Oct 11, 2024 09:42:38.623764992 CEST | 63792 | 53 | 192.168.2.5 | 1.1.1.1 |
            | Oct 11, 2024 09:42:38.637567043 CEST | 53 | 63792 | 1.1.1.1 | 192.168.2.5 |

            | Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
            |---|---|---|---|---|---|---|---|---|
            | Oct 11, 2024 09:42:38.623764992 CEST | 192.168.2.5 | 1.1.1.1 | 0x3e72 | Standard query (0) | 206.23.85.13.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false |

            | Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
            |---|---|---|---|---|---|---|---|---|---|---|
            | Oct 11, 2024 09:42:38.637567043 CEST | 1.1.1.1 | 192.168.2.5 | 0x3e72 | Name error (3) | 206.23.85.13.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false |

            Target ID:0
            Start time:03:42:10
            Start date:11/10/2024
            Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
            Wow64 process (32bit):true
            Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\OriginatingEmail (77).eml"
            Imagebase:0x200000
            File size:34'446'744 bytes
            MD5 hash:91A5292942864110ED734005B7E005C0
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:false

            Target ID:2
            Start time:03:42:16
            Start date:11/10/2024
            Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "D1489F13-FA13-4908-851B-3753E854F971" "406C240C-67B3-4ABA-8517-E28F66F2FB8D" "1496" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
            Imagebase:0x7ff7f70f0000
            File size:710'048 bytes
            MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:false

            No disassembly