Windows Analysis Report
phish_alert_sp2_2.0.0.0.eml

Overview

General Information

Sample name:	phish_alert_sp2_2.0.0.0.eml
Analysis ID:	1531694
MD5:	d9d874ff1eb3dbf809345d7d6f2509ec
SHA1:	ad720ca6777233dc90ab6b09fc44667e5ef5b889
SHA256:	6d702762dbf87afbd3a560b77786eb584c8b05e26495152d92f2d591a7072727
Infos:

Detection

Score:	23
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

AI detected landing page (webpage, office document or email)

Detected non-DNS traffic on DNS port

HTML body contains password input but no form action

HTML page contains hidden javascript code

Queries the volume information (name, serial number etc) of a device

Sigma detected: Office Autorun Keys Modification

Stores files to the Windows start menu directory

Classification

Signatures

HTML body contains password input but no form action

Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML page contains hidden javascript code

Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true

HTTP Parser: Base64 decoded: <?xml version="1.0" encoding="UTF-8"?><svg xmlns="http://www.w3.org/2000/svg" width="18" height="100%" viewBox="0 0 18 18" class="btn-google__svg"> <path d="M17.64 9.2a11 11 0 0 0-.16-1.84H9v3.49h4.84a4.12 4.12 0 0 1-1.79 2.71v2.26H15a8.78 8.78 0 0 0...

Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true	HTTP Parser: Iframe src: https://12370631.fls.doubleclick.net/activityi;src=12370631;type=pd_app;cat=pd-ap0;ord=9120255653985;npa=0;auiddc=1225100163.1728655869;u1=;u7=undefined;u8=undefined;ps=1;pcor=554010169;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132;uamb=0;uam=;uap=Windows;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a90v9176682100z86615274za201zb6615274;gcs=G111;gcd=13t3t3l3l5l1;dma=0;tag_exp=101671035~101686685;epver=2;~oref=https%3A%2F%2Fapp.pandadoc.com%2Flogin%2F%3Fnext%3D%2Fa%2F?
Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true	HTTP Parser: Iframe src: https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=12370631;type=pd_app;cat=pd-ap0;ord=9120255653985;npa=0;auiddc=1225100163.1728655869;u1=;u7=undefined;u8=undefined;ps=1;pcor=554010169;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132;uamb=0;uam=;uap=Windows;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a90v9176682100z86615274za201zb6615274;gcs=G111;gcd=13t3t3l3l5l1;dma=0;tag_exp=101671035~101686685;epver=2;~oref=https%3A%2F%2Fapp.pandadoc.com%2Flogin%2F%3Fnext%3D%2Fa%2F?
Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true	HTTP Parser: Iframe src: https://12370631.fls.doubleclick.net/activityi;src=12370631;type=pd_app;cat=pd-ap0;ord=9120255653985;npa=0;auiddc=1225100163.1728655869;u1=;u7=undefined;u8=undefined;ps=1;pcor=554010169;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132;uamb=0;uam=;uap=Windows;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a90v9176682100z86615274za201zb6615274;gcs=G111;gcd=13t3t3l3l5l1;dma=0;tag_exp=101671035~101686685;epver=2;~oref=https%3A%2F%2Fapp.pandadoc.com%2Flogin%2F%3Fnext%3D%2Fa%2F?
Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true	HTTP Parser: Iframe src: https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=12370631;type=pd_app;cat=pd-ap0;ord=9120255653985;npa=0;auiddc=1225100163.1728655869;u1=;u7=undefined;u8=undefined;ps=1;pcor=554010169;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132;uamb=0;uam=;uap=Windows;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a90v9176682100z86615274za201zb6615274;gcs=G111;gcd=13t3t3l3l5l1;dma=0;tag_exp=101671035~101686685;epver=2;~oref=https%3A%2F%2Fapp.pandadoc.com%2Flogin%2F%3Fnext%3D%2Fa%2F?
Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true	HTTP Parser: Iframe src: https://12370631.fls.doubleclick.net/activityi;src=12370631;type=pd_app;cat=pd-ap0;ord=9120255653985;npa=0;auiddc=1225100163.1728655869;u1=;u7=undefined;u8=undefined;ps=1;pcor=554010169;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132;uamb=0;uam=;uap=Windows;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a90v9176682100z86615274za201zb6615274;gcs=G111;gcd=13t3t3l3l5l1;dma=0;tag_exp=101671035~101686685;epver=2;~oref=https%3A%2F%2Fapp.pandadoc.com%2Flogin%2F%3Fnext%3D%2Fa%2F?
Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true	HTTP Parser: Iframe src: https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=12370631;type=pd_app;cat=pd-ap0;ord=9120255653985;npa=0;auiddc=1225100163.1728655869;u1=;u7=undefined;u8=undefined;ps=1;pcor=554010169;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132;uamb=0;uam=;uap=Windows;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a90v9176682100z86615274za201zb6615274;gcs=G111;gcd=13t3t3l3l5l1;dma=0;tag_exp=101671035~101686685;epver=2;~oref=https%3A%2F%2Fapp.pandadoc.com%2Flogin%2F%3Fnext%3D%2Fa%2F?

Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true

HTTP Parser: <input type="password" .../> found

Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true

HTTP Parser: No favicon

Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true	HTTP Parser: No <meta name="author".. found
Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true	HTTP Parser: No <meta name="author".. found
Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true	HTTP Parser: No <meta name="author".. found

Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true	HTTP Parser: No <meta name="copyright".. found
Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true	HTTP Parser: No <meta name="copyright".. found
Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.16:58079 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:58084 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:58199 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic	TCP traffic: 192.168.2.16:58093 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:58093 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:58093 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:58093 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:58093 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:58093 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:58093 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:58093 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:58093 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:58093 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:58093 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: eur02.safelinks.protection.outlook.com
Source: global traffic	DNS traffic detected: DNS query: app.pandadoc.com
Source: global traffic	DNS traffic detected: DNS query: cdn.cookielaw.org
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: cdn.segment.com
Source: global traffic	DNS traffic detected: DNS query: edge.fullstory.com
Source: global traffic	DNS traffic detected: DNS query: static.prod.pandadoc-static.com
Source: global traffic	DNS traffic detected: DNS query: tag.clearbitscripts.com
Source: global traffic	DNS traffic detected: DNS query: x.clearbitjs.com
Source: global traffic	DNS traffic detected: DNS query: sentry.infrastructure.pandadoc.com
Source: global traffic	DNS traffic detected: DNS query: api.pandadoc.com
Source: global traffic	DNS traffic detected: DNS query: ad.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: td.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: geolocation.onetrust.com
Source: global traffic	DNS traffic detected: DNS query: api.segment.io
Source: global traffic	DNS traffic detected: DNS query: app.clearbit.com
Source: global traffic	DNS traffic detected: DNS query: d31uqz37bvu6i7.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: js.hs-analytics.net
Source: global traffic	DNS traffic detected: DNS query: dr79nymq4x8i9.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: 12370631.fls.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: adservice.google.com
Source: global traffic	DNS traffic detected: DNS query: js-na1.hs-scripts.com
Source: global traffic	DNS traffic detected: DNS query: track.hubspot.com
Source: global traffic	DNS traffic detected: DNS query: d3m3a7p0ze7hmq.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: js.hs-banner.com

Source: unknown	Network traffic detected: HTTP traffic on port 58186 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58140 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58111 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58103
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58100
Source: unknown	Network traffic detected: HTTP traffic on port 58192 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58181 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58113
Source: unknown	Network traffic detected: HTTP traffic on port 58174 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58114
Source: unknown	Network traffic detected: HTTP traffic on port 58122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58110
Source: unknown	Network traffic detected: HTTP traffic on port 58157 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58180 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58116
Source: unknown	Network traffic detected: HTTP traffic on port 58146 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58119
Source: unknown	Network traffic detected: HTTP traffic on port 58169 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58118
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58124
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58126
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58125
Source: unknown	Network traffic detected: HTTP traffic on port 58127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58120
Source: unknown	Network traffic detected: HTTP traffic on port 58089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58122
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58121
Source: unknown	Network traffic detected: HTTP traffic on port 58133 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58135 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58110 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58128
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58129
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58135
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58134
Source: unknown	Network traffic detected: HTTP traffic on port 58090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58137
Source: unknown	Network traffic detected: HTTP traffic on port 58197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58136
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58131
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58130
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58133
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58132
Source: unknown	Network traffic detected: HTTP traffic on port 58084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58138 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58144 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58167 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58150 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58196 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58101 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58184 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58201
Source: unknown	Network traffic detected: HTTP traffic on port 58123 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58156 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58179 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58190 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58139 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58162 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58145 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58134 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58189
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58186
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58185
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58188
Source: unknown	Network traffic detected: HTTP traffic on port 58102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58187
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58182
Source: unknown	Network traffic detected: HTTP traffic on port 58131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58181
Source: unknown	Network traffic detected: HTTP traffic on port 58154 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58184
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58183
Source: unknown	Network traffic detected: HTTP traffic on port 58177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58180
Source: unknown	Network traffic detected: HTTP traffic on port 58137 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58160 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58097 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58143 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58189 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58079
Source: unknown	Network traffic detected: HTTP traffic on port 58092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58197
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58196
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58199
Source: unknown	Network traffic detected: HTTP traffic on port 58119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58193
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58192
Source: unknown	Network traffic detected: HTTP traffic on port 58086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58194
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58190
Source: unknown	Network traffic detected: HTTP traffic on port 58113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58188 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58086
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58088
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58084
Source: unknown	Network traffic detected: HTTP traffic on port 58081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58081
Source: unknown	Network traffic detected: HTTP traffic on port 58194 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58166 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58183 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58149 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58098
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58097
Source: unknown	Network traffic detected: HTTP traffic on port 58130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58099
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58094
Source: unknown	Network traffic detected: HTTP traffic on port 58155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58096
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58090
Source: unknown	Network traffic detected: HTTP traffic on port 58172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58091
Source: unknown	Network traffic detected: HTTP traffic on port 58115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58139
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58138
Source: unknown	Network traffic detected: HTTP traffic on port 58182 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58146
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58145
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58148
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58147
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58142
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58141
Source: unknown	Network traffic detected: HTTP traffic on port 58121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58144
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58143
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58140
Source: unknown	Network traffic detected: HTTP traffic on port 58158 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58147 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58149
Source: unknown	Network traffic detected: HTTP traffic on port 58164 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58157
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58156
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58159
Source: unknown	Network traffic detected: HTTP traffic on port 58126 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58158
Source: unknown	Network traffic detected: HTTP traffic on port 58199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58153
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58152
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58155
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58154
Source: unknown	Network traffic detected: HTTP traffic on port 58132 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58151
Source: unknown	Network traffic detected: HTTP traffic on port 58170 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58150
Source: unknown	Network traffic detected: HTTP traffic on port 58153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58142 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58168
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58167
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58169
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58164
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58163
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58166
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58165
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58160
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58162
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58161
Source: unknown	Network traffic detected: HTTP traffic on port 58171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58187 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58179
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58178
Source: unknown	Network traffic detected: HTTP traffic on port 58094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58175
Source: unknown	Network traffic detected: HTTP traffic on port 58088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58174
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58177
Source: unknown	Network traffic detected: HTTP traffic on port 58103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58171
Source: unknown	Network traffic detected: HTTP traffic on port 58193 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58170
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58173
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58172
Source: unknown	Network traffic detected: HTTP traffic on port 58159 -> 443

Source: unknown	HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.16:58079 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:58084 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:58199 version: TLS 1.2

Source: classification engine

Classification label: sus23.winEML@19/58@92/502

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241011T1010520455-7100.etl

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "37DDDAEE-9F34-4813-B165-420FD6211B01" "7F385A7B-179E-4911-ACAD-354D4B1CB9DA" "7100" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapp.pandadoc.com%2Fcollaborator%2Fq779Y8X3yd4DqtXnoDyU2Y%2Fdocument%2FC2edxovHUsjF2GgqzPKjZ7%2Fsignup%2F&data=05%7C02%7Cy.atamaniuk%40gms.net%7C2379b2dd68f64c818cab08dce94808b0%7Cb257b72ab83c4005915bce5ce92eaad2%7C1%7C0%7C638641742839616804%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=rNowDTcUQfioIu6tQR89ajyK0OiKQBTLi%2B%2BrVqSyBVo%3D&reserved=0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1948,i,13608333319017150822,94770162492369872,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "37DDDAEE-9F34-4813-B165-420FD6211B01" "7F385A7B-179E-4911-ACAD-354D4B1CB9DA" "7100" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapp.pandadoc.com%2Fcollaborator%2Fq779Y8X3yd4DqtXnoDyU2Y%2Fdocument%2FC2edxovHUsjF2GgqzPKjZ7%2Fsignup%2F&data=05%7C02%7Cy.atamaniuk%40gms.net%7C2379b2dd68f64c818cab08dce94808b0%7Cb257b72ab83c4005915bce5ce92eaad2%7C1%7C0%7C638641742839616804%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=rNowDTcUQfioIu6tQR89ajyK0OiKQBTLi%2B%2BrVqSyBVo%3D&reserved=0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1948,i,13608333319017150822,94770162492369872,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Window found: window name: SysTabControl32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Persistence and Installation Behavior

AI detected landing page (webpage, office document or email)

Source: Email	LLM: Page contains button: 'OPEN THE DOCUMENT' Source: 'Email'
Source: Email	LLM: Email contains prominent button: 'open the document'

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File Volume queried: C:\Windows\SysWOW64 FullSizeInformation

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Process information queried: ProcessInformation

Queries the volume information (name, serial number etc) of a device

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
35.160.35.184	unknown	United States	16509	AMAZON-02US	false
20.189.173.4	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.185.226	unknown	United States	15169	GOOGLEUS	false
13.249.86.140	d296je7bbdd650.cloudfront.net	United States	16509	AMAZON-02US	false
18.158.205.16	global-v4.clearbit.com	United States	16509	AMAZON-02US	false
104.16.118.116	unknown	United States	13335	CLOUDFLARENETUS	false
142.251.168.84	unknown	United States	15169	GOOGLEUS	false
104.18.32.137	geolocation.onetrust.com	United States	13335	CLOUDFLARENETUS	false
104.47.11.28	eur02.safelinks.eop-tm2.outlook.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.186.70	dart.l.doubleclick.net	United States	15169	GOOGLEUS	false
142.250.184.227	unknown	United States	15169	GOOGLEUS	false
104.16.138.209	unknown	United States	13335	CLOUDFLARENETUS	false
143.204.215.75	unknown	United States	16509	AMAZON-02US	false
104.18.87.42	cdn.cookielaw.org	United States	13335	CLOUDFLARENETUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
142.250.186.36	www.google.com	United States	15169	GOOGLEUS	false
142.250.186.38	ad.doubleclick.net	United States	15169	GOOGLEUS	false
216.58.206.40	unknown	United States	15169	GOOGLEUS	false
13.32.118.196	d31uqz37bvu6i7.cloudfront.net	United States	16509	AMAZON-02US	false
172.217.18.2	td.doubleclick.net	United States	15169	GOOGLEUS	false
172.64.155.119	unknown	United States	13335	CLOUDFLARENETUS	false
34.223.74.168	api.segment.io	United States	16509	AMAZON-02US	false
52.222.214.89	unknown	United States	16509	AMAZON-02US	false
104.17.175.201	js.hs-analytics.net	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
3.127.196.46	unknown	United States	16509	AMAZON-02US	false
104.16.141.209	js-na1.hs-scripts.com	United States	13335	CLOUDFLARENETUS	false
18.245.46.79	tag.clearbitscripts.com	United States	16509	AMAZON-02US	false
142.250.186.142	unknown	United States	15169	GOOGLEUS	false
99.86.8.175	unknown	United States	16509	AMAZON-02US	false
142.250.185.206	unknown	United States	15169	GOOGLEUS	false
3.160.156.176	dr79nymq4x8i9.cloudfront.net	United States	16509	AMAZON-02US	false
45.223.20.103	x4whrmz.x.incapdns.net	United States	19551	INCAPSULAUS	false
150.171.28.10	ax-0001.ax-msedge.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.64.147.16	js.hs-banner.com	United States	13335	CLOUDFLARENETUS	false
104.16.160.168	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.184.200	unknown	United States	15169	GOOGLEUS	false
52.113.194.132	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
54.148.238.104	sentry.infrastructure.pandadoc.com	United States	16509	AMAZON-02US	false
18.153.4.44	unknown	United States	16509	AMAZON-02US	false
142.250.185.170	unknown	United States	15169	GOOGLEUS	false
35.201.112.186	edge.fullstory.com	United States	15169	GOOGLEUS	false
143.204.215.81	d3m3a7p0ze7hmq.cloudfront.net	United States	16509	AMAZON-02US	false
172.217.16.130	adservice.google.com	United States	15169	GOOGLEUS	false
104.16.117.116	track.hubspot.com	United States	13335	CLOUDFLARENETUS	false
52.222.214.68	d340ru1tcj2c5x.cloudfront.net	United States	16509	AMAZON-02US	false
18.245.46.12	unknown	United States	16509	AMAZON-02US	false
172.217.16.131	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

Contacted Domains

Name	IP	Active
dart.l.doubleclick.net	142.250.186.70	true
tag.clearbitscripts.com	18.245.46.79	true
d31uqz37bvu6i7.cloudfront.net	13.32.118.196	true
js.hs-analytics.net	104.17.175.201	true
adservice.google.com	172.217.16.130	true
d340ru1tcj2c5x.cloudfront.net	52.222.214.68	true
eur02.safelinks.eop-tm2.outlook.com	104.47.11.28	true
d296je7bbdd650.cloudfront.net	13.249.86.140	true
track.hubspot.com	104.16.117.116	true
global-v4.clearbit.com	18.158.205.16	true
www.google.com	142.250.186.36	true
api.segment.io	34.223.74.168	true
app.clearbit.com	18.158.205.16	true
js.hs-banner.com	172.64.147.16	true
d3m3a7p0ze7hmq.cloudfront.net	143.204.215.81	true
x4whrmz.x.incapdns.net	45.223.20.103	true
sentry.infrastructure.pandadoc.com	54.148.238.104	true
ad.doubleclick.net	142.250.186.38	true
edge.fullstory.com	35.201.112.186	true
ax-0001.ax-msedge.net	150.171.28.10	true
bm2ydo9.impervadns.net	45.223.20.103	true
js-na1.hs-scripts.com	104.16.141.209	true
td.doubleclick.net	172.217.18.2	true
cdn.cookielaw.org	104.18.87.42	true
geolocation.onetrust.com	104.18.32.137	true
dr79nymq4x8i9.cloudfront.net	3.160.156.176	true
static.prod.pandadoc-static.com	unknown	unknown
x.clearbitjs.com	unknown	unknown
cdn.segment.com	unknown	unknown
api.pandadoc.com	unknown	unknown
app.pandadoc.com	unknown	unknown
eur02.safelinks.protection.outlook.com	unknown	unknown
12370631.fls.doubleclick.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true	false		unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT	data	88DB3DCF312495BA611276E67D025D25	4B94D86B80ED2465D39604C6D62F8B22315B088D	6F94B413F03BE8D205B7524050EAA60F47B62D3DB889158385C043725AEECF70
C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl	data	1B43E42B353DE52B9862757675DC2DA8	98F1635CE09256BF9C2BA0FC0DBD6F5DBC69CABF	80BC6C7ED1971B23ECD4B6861F2EC541A3FA1E9AA92F2F5F0E2AE5A8C0A8A60E
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 11 13:11:03 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	E651110300053F6C2C3E0C9D7383E3D4	390EFC2AB0E9D2D62855E5D7803CC5357B5FE699	4F0379B12A9F48E710CF32DE4D65D5DD07AAAC92A3A2E798CD09010B64B3936B
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 11 13:11:03 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	B0A43645DF087A84F4B6E9380C5AA0C7	4639579C1364A6249FDD376A13F628CFE501A788	3A6801EF829D69A7826C68D097313D0DB368CEACAA21CA8D651F53820B787C6F
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	5EC2FE4D6A70360DA608A7AD7D80333E	083D933F99B2C297A54B160E01DF566B63151582	3006A47BB1BB88C0A3796D8189BE597DC248BCA70BA24E751B6FAD95BE9D7974
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 11 13:11:03 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	D5DC8DF71C4C190EAD1D4E0C0E5C97CC	AFB391644F8D548CD24C69D1991EBF893770D603	D9F39B31F50615D1E1E9F3B66495D7E7E5026819A539DDFC2696BCD290C2FFD9
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 11 13:11:03 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	A05E1F7317E86C60569383F93084A36D	9470B32506210323883783980DA262AA0BC777C3	428379A1B8D449D8100F26AE6E106A7E459BF790B1D21A96B190BE1B8B51470E
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 11 13:11:02 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	539DEE86FE1DE2B471011D1800384BCB	716BB1C7760977691CCE998228E41B5BFCBB7404	71FC166558F60A343809754CD8F1AB35047F63BF619AAF31A0E8223FB60BB56F
Chrome Cache Entry: 101	HTML document, ASCII text, with no line terminators	C83301425B2AD1D496473A5FF3D9ECCA	941EFB7368E46B27B937D34B07FC4D41DA01B002	B633A587C652D02386C4F16F8C6F6AAB7352D97F16367C3C40576214372DD628
Chrome Cache Entry: 103	ASCII text, with very long lines (5796)	9629668A219EBF670496EBA5B61CD09C	061528F32AFA02EDD8232CBCAE9FAC18AAE28B18	CC8247EFC8F47ED1299B8CDFAAAFDCDFD51578AACA7571543E7C1080819BC476
Chrome Cache Entry: 104	JSON data	1430DB37CDFC094193A2F61DD2C0DC94	A577F2D6845AE04880AC3BE3084E243C2FD41524	59006EA92D79A5CA626A8C8ABD274E2CE60DF59A2D135653FE0D3D8A77269589
Chrome Cache Entry: 106	HTML document, ASCII text, with very long lines (754), with no line terminators	B06F4738E29567022FA238ADFA3D1E9A	28ED7850A19075D999043855B98900720345DB6E	72359E956446A48359AE18D9AB70B1C1E5A093B1EFDE910250F3562CF5F31610
Chrome Cache Entry: 107	ASCII text, with very long lines (4201)	9A49B89C3806E0DA087ED52347F45D6E	37E661444036A667AD9D0888567B4F1ADB4E5EF6	A980AD547B906C0415A3D2BFFE143D6B7754A5FA96966A75E6280BE10FF562D0
Chrome Cache Entry: 108	JSON data	EE4F6483092C5B7F3C70647EFBBBC522	549143B1A84A6F9A8A06FD1EB39ADDBB526BF2BC	15AD7278AFF8E64E298B1D3B45EAD50A3303C41BB07CA5D1AA13B374ADF37D58
Chrome Cache Entry: 109	HTML document, ASCII text, with very long lines (1093)	873B57CC19AA16713FA727943CC38160	BB4B96A50E9D01B91DC7015B3D72D033D41818BD	EF8E0A2D7684E7C51E0540573E95F8E05BB0910E20F0240FB7EBE624F5802CDA
Chrome Cache Entry: 111	JSON data	81B9A0932C1B4C187B93CBA72FF43B8C	F18A33E00BB9CED9243CAA51C579ED46A703BF60	7A94A0863619C470ABCB6912C2D0358D139BDC82C8C6B39C7EEE835A07C1A9F4
Chrome Cache Entry: 112	Web Open Font Format (Version 2), TrueType, length 47828, version 1.0	4828181BF8131DBFAA80DFE41C976751	84C7E44667948C3CD5E61E13DBFE410E21C5EA15	55FACC0692E6293181D796126525075F149F6344A1174119257470AD5C5CCA26
Chrome Cache Entry: 116	ASCII text, with no line terminators	1AE6B27EBA211F4CFCD99B904DA88BB7	53CA38F083C4A21F2EDA633EC304CB4582EDEDA2	961635B4E9661208EC118D285B3AC1DBF9F3CC96CDDC97F30E55CD2C6566448C
Chrome Cache Entry: 119	ASCII text, with very long lines (1490)	3867B2388B619FF7FDDC29EF359FC9AA	511BED0C4D3D57AB4CF1B1D7596FB845ECFBA6AC	31892C21AE4FB908A875BBE29DBF0DF74C2E84171CFBCAC23540F3AD8222A35A
Chrome Cache Entry: 123	HTML document, ASCII text, with very long lines (2592), with no line terminators	2B74504E09C3B974B25D8800D8288350	F5F64CBB7B3B3849CCCBDCE71CC353EE0EC12E49	C980E786313A676797C22878EF5DF4C32CEB6BC9472B0CD88DEEB36DAD23A986
Chrome Cache Entry: 125	JSON data	2ECE426E3900FA6EBAD39380AEAA2539	24C4E875361BC77874B005F816D160223DC68B46	E4CE65C3A33FDF0AD73B34857BFF62AF3A6187509551AFBFECBA345FEA02BF55
Chrome Cache Entry: 127	ASCII text, with no line terminators	F06F465625C8D809BF5331A90E8C179E	067928FD075A7DB90971143E4220000C5D52D96D	9AC19131FC3C9FE754DB0A0C099C9CD6717A0A58BBEA590009E32BCEBEC1F94D
Chrome Cache Entry: 128	ASCII text, with very long lines (31995)	EE1C94667EAF764626C8D14BC074DC80	A1955E23699FD2289E43ACC9A87E68EEAD457DF0	EEEFB4048C9EB6A684A2F24691B83594FEE2DEE4B9C291CA881DD1B457A3924B
Chrome Cache Entry: 129	JSON data	3E7299EBB5AE975CD37B40BDAE930DE1	0378C21738710A9546B2346F278E9E9014400CFA	37488B225375C9B87DD63DB6CD1C4FB95CCF05894C8478FDAFCBF43040BA091C
Chrome Cache Entry: 130	ASCII text	9FD9DDA1F7EAC845FCB025DEB2C1B23A	806FCE5D42EDDA2CF00F9C0B5FA60EAC4ED269C3	993CA20FBC09132A83E29573840E393B09135424ED7DC1807E974D81819F2D40
Chrome Cache Entry: 131	gzip compressed data, original size modulo 2^32 57055	4514BCE42501858CCC366E06E46A248C	32226E971032EDF1045C8593F1BEF5DA8127D432	D626D204005BFE7A6939E8A6D735AA0B2986D50D71D85FCA52EC0CEED6EE47EE
Chrome Cache Entry: 133	GIF image data, version 89a, 1 x 1	D89746888DA2D9510B64A9F031EAECD5	D5FCEB6532643D0D84FFE09C40C481ECDF59E15A	EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
Chrome Cache Entry: 138	ASCII text, with very long lines (1571)	C743DB20D84F016A0CAFA1B12AD1FB53	910A9E74FEB7DF69763BF9F04496098C7DEEB27D	5AE5367ABDD9B9739EE68CC66D06483A4950506F86FF283122A7A51C040B8232
Chrome Cache Entry: 140	ASCII text, with very long lines (22462)	01D681C49BE80A4B603C59E89B87920C	5A75464EF4E504564DB1D39BEBED538F564B770E	EFAD755939E511F2BC1FEB0D58D6014006E8598A4D431F27A66DD59E14FC19CB
Chrome Cache Entry: 142	ASCII text, with very long lines (42611)	0D317B8F0751F63EBF10E1F260667634	7CE44E2764E0A432767A13408A1B1E7090093BEE	3EDB79D7E097FC1E1274472E40C8E206BD6A94861C104C339B603A966AF4C0E7
Chrome Cache Entry: 143	ASCII text, with very long lines (11231)	5DCC6595E01C3C63B69F991366B1C7D9	5CCDD7E36F0F99FDB215CA9FAE7EF1A41CED8A90	930239150E702D9D4BF43C3881AA70F8AD5FD9068DCBECB7C8BCCA654784F7F1
Chrome Cache Entry: 145	PNG image data, 192 x 192, 8-bit colormap, non-interlaced	E5478BAE7F80255640DF3CE4E1CD3470	0DB3AB1357DC931F6DAF279D32D9F80B730ED9A9	A32C724FCADBA359BB73ED69D2F4E29E3F01E7C75C69AB68F0ADDDC14BCC97E3
Chrome Cache Entry: 146	ASCII text, with very long lines (8686)	027BC21700C61DCA501BA020F7654DDD	B3D50854321DD8AB05A39E59EF45A0C94081DF98	56B0D6DE549E8F682E293C15480830911014CF8527BC039E16AF5748887A8651
Chrome Cache Entry: 147	ASCII text, with very long lines (42611)	7D0FEA6248CCA62F6595FE5C55F51154	AEFEF23EF660D480AF8A7A9BAB26BAA7F4125CB5	04716B203EFBC43ECE060C00F4A32DB0ECEC99F5CF33A832C95C72527021CAB9
Chrome Cache Entry: 149	JSON data	A5FE9CD0A68ABAB2CB3B05AB2F9EB1F2	B64DCB71505CCEBDB5376576FBEB83FAEDC0C517	09C40AE903C7F4C6EC5F028949347DBE7AE934B5477D434047830D4CF90C4EE9
Chrome Cache Entry: 151	ASCII text, with very long lines (9198)	00E9C65CBBA11C07C4BF4A6E2727B8EA	AC1A5D9B6FFCDE916A82169CD74C9A734BDF4A39	129151ED0140041B198CE3B364A11861A3B5BAA5BB60475EBF7BEDB9B0FC94D6
Chrome Cache Entry: 152	gzip compressed data, was "tmpn38be2p_", last modified: Wed Oct 9 15:23:15 2024, max compression, original size modulo 2^32 291442	B8A6018D5CFD4A57F804667F4E4173BE	4D33BEE1AD25193FBD22B6333BC1F785EA0B26A1	69AC8A03F114368C57F7B2A95449F341E56A1291FAB88550C01D4B04FF660BCE
Chrome Cache Entry: 153	Unicode text, UTF-8 text, with very long lines (65461)	34D1A6439005D3CDFDC3BD0D513125C9	473B5C85F86E881A9F7A60CAF9D2A50503823F20	54C12F9928C1D216C0DD1B0A6B2089D2F79BD2008B1AEE1D8E517086B64435EC
Chrome Cache Entry: 154	ASCII text, with very long lines (65536), with no line terminators	0ADC15338F62DEE4FE19022A515F6D5F	A6F8DDEC5DC5A1BD7642644BCAE01449198C1D66	A7D672A8D80569869A504E861D159547F7A2244FFDEDDF78F1060BDD29714335
Chrome Cache Entry: 155	ASCII text, with very long lines (902), with no line terminators	A34E3095343D8505992368248F16C20F	EAA8E7574AA33F1A5F89F9FD44838F2448D9EFDF	8FEF955AE210017FF1E112B61A69A6A2CAAB9775191EA2FE6D157AC683AFC64C
Chrome Cache Entry: 158	gzip compressed data, max compression, from Unix, original size modulo 2^32 71723	C467A63B2E7C3A99BE423ACE649014D8	91A3CB3EBF4F3996512A740FC202E1803828594F	D070E8B363B2CB1BC55B94F1612A1AF673155DF31773E992007F8952E3661EE5
Chrome Cache Entry: 159	Unicode text, UTF-8 text, with very long lines (18223)	F7B3D2021DF83853B191AEFA39A74B15	7ECE46EBE56BAD8FE5FCEA4D0D7E8F134A4C47EA	557C67C76C13A84E8B483EE1A0DFDD807399D960909266E7C6A83DDFADCA9C81
Chrome Cache Entry: 160	Unicode text, UTF-8 text, with very long lines (50522), with no line terminators	14272A6CDF99BDC079B8EC8097889F49	2343F9F1D29F3B034F3B8FFB7A92BFFD98A88450	73AAA4E6BFC1DBED5F3F934710D1ADA545F4068742235E59D0CB74F0EAF0A3C4
Chrome Cache Entry: 161	ASCII text, with very long lines (4201)	8882BF5F31CD8398AE43D51DCA42E853	D6A74D92C993CF9E9463A8A1D1880B6020B90A2B	7B579175C17B7C2387D5EF08A90E0BEFE0E15AB5CC74BDD571DC6868EF9DE856
Chrome Cache Entry: 164	JSON data	FE7524324A2254EA4FED6074665DAF49	48E10B0444551E440B27ACAD9EA3A0C43E56FE3F	BC9020100A3ACE3F34E0AF122989BBC8D593396E7E2A47981828921AE2CD0282
Chrome Cache Entry: 165	ASCII text, with very long lines (63670)	9FD7C172D4B5916A1A1816D05B4F787C	B3E8126A573D3A816D815BE44D6660D05A0F4140	F9D49E901D0B33B4790F50634699091BA062C998AD9D26F349BF1C50CD244096
Chrome Cache Entry: 166	ASCII text, with very long lines (65451)	40DFE86D54A4EAE752C253FA3161244A	8EEC0F8218EA2A23F0BFC1172CA5336C13DC3DA4	FF3565CC93CF3C21B441DD5911DE725FB55E4D203CFE380EA1B70ADFC9C7504B
Chrome Cache Entry: 167	JSON data	B04CD3F8043EF04F417D4B0E4BCBBC03	88F259A4AE3045409B3657E7D7A791D321BA9DCE	59E58524340CD7AD353BE010374B124C242FDDE10A0ED41047FE2FD4BB9E5A2E
Chrome Cache Entry: 168	JSON data	E58C1D01601F109335F5C6307B6D9CD4	51643ECCED6D8A4D672F9BA3F36D40D43F4A33EA	1DF323C03E742FF217794C8ACE2C647F3F0CF868C91D4396C166262CA1075ACC
Chrome Cache Entry: 169	Web Open Font Format (Version 2), TrueType, length 48348, version 1.0	3E7D7B13A9F8AC74D3B4BF5A60C9024A	96C91E8C57110ABC43406CF421AAC31980CF13B5	BFC455FEE57B0684B80AC0C6905A669901955CCACFA4E0A9B22233E0ADD9A0E7
Chrome Cache Entry: 170	JSON data	DC3B7174D8C152944B7A4367D58011EC	1403ECC202C8C2DF0CC03A7D366B04F278DCD9CA	A09D0F89E99CF5A081315FF701187632005DABD23F3CA116A75790003FAA7E8F
Chrome Cache Entry: 172	ASCII text, with very long lines (64749)	0132E542396801AF8DC07F9B6B9C895F	7D1E33290C5B2EC27DB1474BBA000C5FCD7897B4	7A154E84D8F7171C9DA4B145FD22E96F5B343EEDB873DD7A2BEF2DAA7195D959
Chrome Cache Entry: 173	gzip compressed data, from Unix, original size modulo 2^32 3516	823E9D07D62B7FD23C90CCE41176370A	A01A2A4F1ECC483A0374F2837CCBB8A609567FEC	F88BAC52AA97132DF7ABFCFF072545AC6729CA75DF234B5B5F129099522FBCDF
Chrome Cache Entry: 174	ASCII text	170DC193B07315F61C5DF13CA7BE231C	2E8E72620849ACE265798016B54D9C90FE3F70EC	F1136039EFFB6D888DD38A236ED27CC3E61D780B0D8775E4CD1DE8F262D3AD18
Chrome Cache Entry: 175	Web Open Font Format (Version 2), TrueType, length 43516, version 1.0	8A61ACC4FC0A1159DF6DE8FE0616464F	205933BF345D9207C84F470EF9B099064A05DCEC	43C0132C8F9DB2F2CC34018070EB517B290D3289D1287912A6255A6BC8A04E4B
Chrome Cache Entry: 176	ASCII text, with very long lines (3457)	1545CF907790927967FED20E90BFE26A	28597AAC5C6A73D3F81FECDEB5F69A240E1159FE	3317D0ECCB739FFC7B3C7627BC3460495F357FF615F6C96CA5F536237D112837
Chrome Cache Entry: 177	ASCII text, with CRLF line terminators	97CF0FE353C517CEA6CB3E1F2E7EDFC9	58D8EB24BFD5CA347B6A0A72894E6C8B6EAE198F	0E0C8CEDB72A7E5A3080203509132486E267E5D1B0C5C6EAE78AC16F7928FF01
Chrome Cache Entry: 178	JSON data	DCEE9B30F2C5F1B66E326AB9E1476B3D	E21C68C449415678A0FCB1AA2FDFEE9321F16BB4	92AE6059BE4810896FE886985DB9D6F70C14AF4AAE9B17E038B66583DD23D61C

HTML body contains password input but no form action

Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML page contains hidden javascript code

Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true

Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true	HTTP Parser: Iframe src: https://12370631.fls.doubleclick.net/activityi;src=12370631;type=pd_app;cat=pd-ap0;ord=9120255653985;npa=0;auiddc=1225100163.1728655869;u1=;u7=undefined;u8=undefined;ps=1;pcor=554010169;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132;uamb=0;uam=;uap=Windows;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a90v9176682100z86615274za201zb6615274;gcs=G111;gcd=13t3t3l3l5l1;dma=0;tag_exp=101671035~101686685;epver=2;~oref=https%3A%2F%2Fapp.pandadoc.com%2Flogin%2F%3Fnext%3D%2Fa%2F?
Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true	HTTP Parser: Iframe src: https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=12370631;type=pd_app;cat=pd-ap0;ord=9120255653985;npa=0;auiddc=1225100163.1728655869;u1=;u7=undefined;u8=undefined;ps=1;pcor=554010169;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132;uamb=0;uam=;uap=Windows;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a90v9176682100z86615274za201zb6615274;gcs=G111;gcd=13t3t3l3l5l1;dma=0;tag_exp=101671035~101686685;epver=2;~oref=https%3A%2F%2Fapp.pandadoc.com%2Flogin%2F%3Fnext%3D%2Fa%2F?
Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true	HTTP Parser: Iframe src: https://12370631.fls.doubleclick.net/activityi;src=12370631;type=pd_app;cat=pd-ap0;ord=9120255653985;npa=0;auiddc=1225100163.1728655869;u1=;u7=undefined;u8=undefined;ps=1;pcor=554010169;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132;uamb=0;uam=;uap=Windows;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a90v9176682100z86615274za201zb6615274;gcs=G111;gcd=13t3t3l3l5l1;dma=0;tag_exp=101671035~101686685;epver=2;~oref=https%3A%2F%2Fapp.pandadoc.com%2Flogin%2F%3Fnext%3D%2Fa%2F?
Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true	HTTP Parser: Iframe src: https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=12370631;type=pd_app;cat=pd-ap0;ord=9120255653985;npa=0;auiddc=1225100163.1728655869;u1=;u7=undefined;u8=undefined;ps=1;pcor=554010169;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132;uamb=0;uam=;uap=Windows;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a90v9176682100z86615274za201zb6615274;gcs=G111;gcd=13t3t3l3l5l1;dma=0;tag_exp=101671035~101686685;epver=2;~oref=https%3A%2F%2Fapp.pandadoc.com%2Flogin%2F%3Fnext%3D%2Fa%2F?
Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true	HTTP Parser: Iframe src: https://12370631.fls.doubleclick.net/activityi;src=12370631;type=pd_app;cat=pd-ap0;ord=9120255653985;npa=0;auiddc=1225100163.1728655869;u1=;u7=undefined;u8=undefined;ps=1;pcor=554010169;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132;uamb=0;uam=;uap=Windows;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a90v9176682100z86615274za201zb6615274;gcs=G111;gcd=13t3t3l3l5l1;dma=0;tag_exp=101671035~101686685;epver=2;~oref=https%3A%2F%2Fapp.pandadoc.com%2Flogin%2F%3Fnext%3D%2Fa%2F?
Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true	HTTP Parser: Iframe src: https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=12370631;type=pd_app;cat=pd-ap0;ord=9120255653985;npa=0;auiddc=1225100163.1728655869;u1=;u7=undefined;u8=undefined;ps=1;pcor=554010169;uaa=x86;uab=64;uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132;uamb=0;uam=;uap=Windows;uapv=10.0.0;uaw=0;pscdl=noapi;frm=0;gtm=45fe4a90v9176682100z86615274za201zb6615274;gcs=G111;gcd=13t3t3l3l5l1;dma=0;tag_exp=101671035~101686685;epver=2;~oref=https%3A%2F%2Fapp.pandadoc.com%2Flogin%2F%3Fnext%3D%2Fa%2F?

Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true

HTTP Parser: <input type="password" .../> found

Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true

HTTP Parser: No favicon

Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true	HTTP Parser: No <meta name="author".. found
Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true	HTTP Parser: No <meta name="author".. found
Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true	HTTP Parser: No <meta name="author".. found

Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true	HTTP Parser: No <meta name="copyright".. found
Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true	HTTP Parser: No <meta name="copyright".. found
Source: https://app.pandadoc.com/login/?next=/a/#/documents/C2edxovHUsjF2GgqzPKjZ7?requestAccessDisabled=true	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.16:58079 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:58084 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:58199 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic	TCP traffic: 192.168.2.16:58093 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:58093 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:58093 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:58093 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:58093 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:58093 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:58093 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:58093 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:58093 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:58093 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.16:58093 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.136
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: eur02.safelinks.protection.outlook.com
Source: global traffic	DNS traffic detected: DNS query: app.pandadoc.com
Source: global traffic	DNS traffic detected: DNS query: cdn.cookielaw.org
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: cdn.segment.com
Source: global traffic	DNS traffic detected: DNS query: edge.fullstory.com
Source: global traffic	DNS traffic detected: DNS query: static.prod.pandadoc-static.com
Source: global traffic	DNS traffic detected: DNS query: tag.clearbitscripts.com
Source: global traffic	DNS traffic detected: DNS query: x.clearbitjs.com
Source: global traffic	DNS traffic detected: DNS query: sentry.infrastructure.pandadoc.com
Source: global traffic	DNS traffic detected: DNS query: api.pandadoc.com
Source: global traffic	DNS traffic detected: DNS query: ad.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: td.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: geolocation.onetrust.com
Source: global traffic	DNS traffic detected: DNS query: api.segment.io
Source: global traffic	DNS traffic detected: DNS query: app.clearbit.com
Source: global traffic	DNS traffic detected: DNS query: d31uqz37bvu6i7.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: js.hs-analytics.net
Source: global traffic	DNS traffic detected: DNS query: dr79nymq4x8i9.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: 12370631.fls.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: adservice.google.com
Source: global traffic	DNS traffic detected: DNS query: js-na1.hs-scripts.com
Source: global traffic	DNS traffic detected: DNS query: track.hubspot.com
Source: global traffic	DNS traffic detected: DNS query: d3m3a7p0ze7hmq.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: js.hs-banner.com

Source: unknown	Network traffic detected: HTTP traffic on port 58186 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58163 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58140 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58111 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58101
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58103
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58100
Source: unknown	Network traffic detected: HTTP traffic on port 58192 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58181 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58105
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58113
Source: unknown	Network traffic detected: HTTP traffic on port 58174 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58112
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58115
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58114
Source: unknown	Network traffic detected: HTTP traffic on port 58122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58111
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58110
Source: unknown	Network traffic detected: HTTP traffic on port 58157 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58180 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58116
Source: unknown	Network traffic detected: HTTP traffic on port 58146 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58119
Source: unknown	Network traffic detected: HTTP traffic on port 58169 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58118
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58124
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58123
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58126
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58125
Source: unknown	Network traffic detected: HTTP traffic on port 58127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58152 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58120
Source: unknown	Network traffic detected: HTTP traffic on port 58089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58122
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58121
Source: unknown	Network traffic detected: HTTP traffic on port 58133 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58135 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58141 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58110 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58128
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58129
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58135
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58134
Source: unknown	Network traffic detected: HTTP traffic on port 58090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58137
Source: unknown	Network traffic detected: HTTP traffic on port 58197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58136
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58131
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58130
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58133
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58132
Source: unknown	Network traffic detected: HTTP traffic on port 58084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58138 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58144 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58167 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58150 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58118 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58196 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58173 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58101 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58184 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58201
Source: unknown	Network traffic detected: HTTP traffic on port 58123 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58156 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58179 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58190 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58139 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58162 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58145 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58134 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58148 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58189
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58186
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58185
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58188
Source: unknown	Network traffic detected: HTTP traffic on port 58102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58187
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58182
Source: unknown	Network traffic detected: HTTP traffic on port 58131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58181
Source: unknown	Network traffic detected: HTTP traffic on port 58154 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58184
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58183
Source: unknown	Network traffic detected: HTTP traffic on port 58177 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58180
Source: unknown	Network traffic detected: HTTP traffic on port 58137 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58160 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58097 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58143 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58189 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58079
Source: unknown	Network traffic detected: HTTP traffic on port 58092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58197
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58196
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58199
Source: unknown	Network traffic detected: HTTP traffic on port 58119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58193
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58192
Source: unknown	Network traffic detected: HTTP traffic on port 58086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58194
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58190
Source: unknown	Network traffic detected: HTTP traffic on port 58113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58188 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58086
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58088
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58084
Source: unknown	Network traffic detected: HTTP traffic on port 58081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58081
Source: unknown	Network traffic detected: HTTP traffic on port 58194 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58166 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58183 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58149 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58098
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58097
Source: unknown	Network traffic detected: HTTP traffic on port 58130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58099
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58094
Source: unknown	Network traffic detected: HTTP traffic on port 58155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58096
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58090
Source: unknown	Network traffic detected: HTTP traffic on port 58172 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58092
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58091
Source: unknown	Network traffic detected: HTTP traffic on port 58115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58201 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58139
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58138
Source: unknown	Network traffic detected: HTTP traffic on port 58182 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58146
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58145
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58148
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58147
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58142
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58141
Source: unknown	Network traffic detected: HTTP traffic on port 58121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58144
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58143
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58140
Source: unknown	Network traffic detected: HTTP traffic on port 58158 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58147 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58149
Source: unknown	Network traffic detected: HTTP traffic on port 58164 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58157
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58156
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58159
Source: unknown	Network traffic detected: HTTP traffic on port 58126 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58158
Source: unknown	Network traffic detected: HTTP traffic on port 58199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58153
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58152
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58155
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58154
Source: unknown	Network traffic detected: HTTP traffic on port 58132 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58151
Source: unknown	Network traffic detected: HTTP traffic on port 58170 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58150
Source: unknown	Network traffic detected: HTTP traffic on port 58153 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58142 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58168
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58167
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58169
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58164
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58163
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58166
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58165
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58160
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58162
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58161
Source: unknown	Network traffic detected: HTTP traffic on port 58171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58187 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58179
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58178
Source: unknown	Network traffic detected: HTTP traffic on port 58094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58175
Source: unknown	Network traffic detected: HTTP traffic on port 58088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58174
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58177
Source: unknown	Network traffic detected: HTTP traffic on port 58103 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58171
Source: unknown	Network traffic detected: HTTP traffic on port 58193 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58170
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58173
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58172
Source: unknown	Network traffic detected: HTTP traffic on port 58159 -> 443

Source: unknown	HTTPS traffic detected: 40.126.32.136:443 -> 192.168.2.16:58079 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:58084 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.16:58199 version: TLS 1.2

Source: classification engine

Classification label: sus23.winEML@19/58@92/502

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241011T1010520455-7100.etl

Source: unknown	Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\phish_alert_sp2_2.0.0.0.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "37DDDAEE-9F34-4813-B165-420FD6211B01" "7F385A7B-179E-4911-ACAD-354D4B1CB9DA" "7100" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapp.pandadoc.com%2Fcollaborator%2Fq779Y8X3yd4DqtXnoDyU2Y%2Fdocument%2FC2edxovHUsjF2GgqzPKjZ7%2Fsignup%2F&data=05%7C02%7Cy.atamaniuk%40gms.net%7C2379b2dd68f64c818cab08dce94808b0%7Cb257b72ab83c4005915bce5ce92eaad2%7C1%7C0%7C638641742839616804%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=rNowDTcUQfioIu6tQR89ajyK0OiKQBTLi%2B%2BrVqSyBVo%3D&reserved=0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1948,i,13608333319017150822,94770162492369872,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "37DDDAEE-9F34-4813-B165-420FD6211B01" "7F385A7B-179E-4911-ACAD-354D4B1CB9DA" "7100" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapp.pandadoc.com%2Fcollaborator%2Fq779Y8X3yd4DqtXnoDyU2Y%2Fdocument%2FC2edxovHUsjF2GgqzPKjZ7%2Fsignup%2F&data=05%7C02%7Cy.atamaniuk%40gms.net%7C2379b2dd68f64c818cab08dce94808b0%7Cb257b72ab83c4005915bce5ce92eaad2%7C1%7C0%7C638641742839616804%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=rNowDTcUQfioIu6tQR89ajyK0OiKQBTLi%2B%2BrVqSyBVo%3D&reserved=0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1948,i,13608333319017150822,94770162492369872,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Section loaded: gpapi.dll

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Window found: window name: SysTabControl32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Persistence and Installation Behavior

AI detected landing page (webpage, office document or email)

Source: Email	LLM: Page contains button: 'OPEN THE DOCUMENT' Source: 'Email'
Source: Email	LLM: Email contains prominent button: 'open the document'

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

File Volume queried: C:\Windows\SysWOW64 FullSizeInformation

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

Process information queried: ProcessInformation

Queries the volume information (name, serial number etc) of a device

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation

Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

ID:	1531694
Product:	CloudBasic
Start time:	16:10:20
Start date:	11.10.2024
Sample:	phish_alert_sp2_2.0.0.0.eml
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	d9d874ff1eb3dbf809345d7d6f2509ec
SHA1:	ad720ca6777233dc90ab6b09fc44667e5ef5b889
SHA256:	6d702762dbf87afbd3a560b77786eb584c8b05e26495152d92f2d591a7072727
Filetype:	E-Mail message (Var. 5) (54515/1) 100.00%

Windows Analysis Report
phish_alert_sp2_2.0.0.0.eml

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report phish_alert_sp2_2.0.0.0.eml

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
phish_alert_sp2_2.0.0.0.eml