Windows Analysis Report
Handling p#U00e5kr#U00e6vet..msg

Overview

General Information

Sample name: Handling p#U00e5kr#U00e6vet..msg
renamed because original name is a hash value
Original sample name: Handling påkrævet..msg
Analysis ID: 1532985
MD5: a949e1c85876bf284b5f40ec3f07060c
SHA1: 941e2544a37128c209c8f3bded81ebfd44b26aaa
SHA256: b2e26874f30a3fd1d2c0d02f2039b0cfc7d75a4ba7273a71c36c99146fc9eb8a

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification

Classification

  • System is w10x64
  • OUTLOOK.EXE (PID: 6856 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Handling p#U00e5kr#U00e6vet..msg" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 4144 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "BC50F963-EA67-4F56-BA39-EEBA6AD68FA7" "90EA30BC-853E-4F4E-A406-0530445FAF23" "6856" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set
Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split)
Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 6856, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched

There are no malicious signatures.

Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: http://weather.service.msn.com/data.aspx
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://analysis.windows.net/powerbi/api
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://api.aadrm.com
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://api.aadrm.com/
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://api.addins.omex.office.net/api/addins/search
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://api.addins.store.office.com/app/query
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://api.cortana.ai
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://api.diagnostics.office.com
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://api.diagnosticssdf.office.com
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://api.microsoftstream.com
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://api.microsoftstream.com/api/
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://api.office.net
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://api.officescripts.microsoftusercontent.com/api
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://api.onedrive.com
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/imports
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://api.scheduler.
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://apis.live.net/v5.0/
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://apis.mobile.m365.svc.cloud.microsoft
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://app.powerbi.com
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://arc.msn.com/v4/api/selection
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://augloop.office.com
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://augloop.office.com/v2
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://autodiscover-s.outlook.com/
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: ~WRS{CE663225-8CD6-488C-9CBA-4C0AFB5AE90F}.tmp.0.drString found in binary or memory: https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitbKNJ8sYhqlUJYn8yxhWxUA0aJZmY5LVQXtJ_ILT
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://canary.designerapp.
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designer-mobile
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/fonts
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-assets
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-dynamic-strings
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://cdn.designerapp.osi.office.net/designerapp/mobile-home-screen
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://cdn.entity.
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://cdn.hubblecontent.osi.office.net/
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://cdn.int.designerapp.osi.office.net/fonts
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://clients.config.office.net
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://clients.config.office.net/
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/DeltaAdvisory
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://cortana.ai
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://cortana.ai/api
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://cr.office.com
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://d.docs.live.net
Source: ~WRS{CE663225-8CD6-488C-9CBA-4C0AFB5AE90F}.tmp.0.drString found in binary or memory: https://d1nn1beycom2nr.cloudfront.net/uploads/user/KmlMVsvZPZQWos1O892sddtw/images/Disney/principal%
Source: ~WRS{CE663225-8CD6-488C-9CBA-4C0AFB5AE90F}.tmp.0.drString found in binary or memory: https://d1nn1beycom2nr.cloudfront.net/uploads/user/KmlMVsvZPZQWos1O892sddtw/images/Prueba/acumula-2.
Source: ~WRS{CE663225-8CD6-488C-9CBA-4C0AFB5AE90F}.tmp.0.drString found in binary or memory: https://d1nn1beycom2nr.cloudfront.net/uploads/user/KmlMVsvZPZQWos1O892sddtw/images/Prueba/header-CDR
Source: ~WRS{CE663225-8CD6-488C-9CBA-4C0AFB5AE90F}.tmp.0.drString found in binary or memory: https://d1nn1beycom2nr.cloudfront.net/uploads/user/KmlMVsvZPZQWos1O892sddtw/images/Prueba/icono-face
Source: ~WRS{CE663225-8CD6-488C-9CBA-4C0AFB5AE90F}.tmp.0.drString found in binary or memory: https://d1nn1beycom2nr.cloudfront.net/uploads/user/KmlMVsvZPZQWos1O892sddtw/images/Prueba/icono-ig_b
Source: ~WRS{CE663225-8CD6-488C-9CBA-4C0AFB5AE90F}.tmp.0.drString found in binary or memory: https://d1nn1beycom2nr.cloudfront.net/uploads/user/KmlMVsvZPZQWos1O892sddtw/images/Prueba/icono-link
Source: ~WRS{CE663225-8CD6-488C-9CBA-4C0AFB5AE90F}.tmp.0.drString found in binary or memory: https://d1nn1beycom2nr.cloudfront.net/uploads/user/KmlMVsvZPZQWos1O892sddtw/images/Prueba/icono-whas
Source: ~WRS{CE663225-8CD6-488C-9CBA-4C0AFB5AE90F}.tmp.0.drString found in binary or memory: https://d1nn1beycom2nr.cloudfront.net/uploads/user/KmlMVsvZPZQWos1O892sddtw/images/Prueba/invita-2.p
Source: ~WRS{CE663225-8CD6-488C-9CBA-4C0AFB5AE90F}.tmp.0.drString found in binary or memory: https://d1nn1beycom2nr.cloudfront.net/uploads/user/KmlMVsvZPZQWos1O892sddtw/images/Prueba/logo-blanc
Source: ~WRS{CE663225-8CD6-488C-9CBA-4C0AFB5AE90F}.tmp.0.drString found in binary or memory: https://d1nn1beycom2nr.cloudfront.net/uploads/user/KmlMVsvZPZQWos1O892sddtw/images/Prueba/seguro-2.p
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://dataservice.o365filtering.com
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://dataservice.o365filtering.com/
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://designerapp.azurewebsites.net
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://designerappservice.officeapps.live.com
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://dev.cortana.ai
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://devnull.onenote.com
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://directory.services.
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://ecs.office.com
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://ecs.office.com/config/v1/Designer
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://ecs.office.com/config/v2/Office
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://edge.skype.com/registrar/prod
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://edge.skype.com/rps
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://enrichment.osi.office.net/
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/v2.1601652342626
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://entitlement.diagnostics.office.com
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: ~WRS{CE663225-8CD6-488C-9CBA-4C0AFB5AE90F}.tmp.0.drString found in binary or memory: https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Furl12.mailanyone.net%2Fscanner%3Fm
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://fpastorage.cdn.office.net/%s
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://fpastorage.cdn.office.net/firstpartyapp/addins.xml
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://globaldisco.crm.dynamics.com
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://graph.ppe.windows.net
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://graph.ppe.windows.net/
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://graph.windows.net
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://graph.windows.net/
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/pivots/
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://ic3.teams.office.com
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://incidents.diagnostics.office.com
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://inclient.store.office.com/gyro/client
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://inclient.store.office.com/gyro/clientstore
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://invites.office.com/
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://lifecycle.office.com
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://login.microsoftonline.com
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://login.microsoftonline.com/
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://login.microsoftonline.com/organizations
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://login.windows.local
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://make.powerautomate.com
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://management.azure.com
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://management.azure.com/
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://messagebroker.mobile.m365.svc.cloud.microsoft
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://messaging.action.office.com/
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://messaging.action.office.com/setcampaignaction
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://messaging.action.office.com/setuseraction16
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://messaging.engagement.office.com/
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://messaging.lifecycle.office.com/
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://messaging.office.com/
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://mss.office.com
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://my.microsoftpersonalcontent.com
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://ncus.contentsync.
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://ncus.pagecontentsync.
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://officeapps.live.com
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://officeci.azurewebsites.net/api/
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://officepyservice.office.net/
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://officepyservice.office.net/service.functionality
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://onedrive.live.com
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://onedrive.live.com/embed?
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://otelrules.azureedge.net
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://otelrules.svc.static.microsoft
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://outlook.office.com
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://outlook.office.com/
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drString found in binary or memory: https://outlook.office365.com
Source: ~WRS{CE663225-8CD6-488C-9CBA-4C0AFB5AE90F}.tmp.0.dr; String found in binary or memory: https://s3-eu-west-1.amazonaws.com/templates-media/EmailTemplateSources/Telmore/00_template2017/fill
Source: classification engine; Classification label: clean1.winMSG@3/28@0/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241014T0259170184-6856.etl
Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Handling p#U00e5kr#U00e6vet..msg"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "BC50F963-EA67-4F56-BA39-EEBA6AD68FA7" "90EA30BC-853E-4F4E-A406-0530445FAF23" "6856" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Window found: window name: SysTabControl32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE; Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Behavior graph (ID: 1532985; Sample: Handling p#U00e5kr#U00e6vet..msg; Startdate: 14/10/2024; Architecture: WINDOWS; Score: 1): OUTLOOK.EXE started ai.exe.

Source | Detection | Scanner | Label | Link
Handling p#U00e5kr#U00e6vet..msg | 0% | Virustotal | | Browse
No Antivirus matches
No contacted domains info
          • URL Reputation: safe
          unknown
          https://graph.ppe.windows.netDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
          • URL Reputation: safe
          unknown
          https://res.getmicrosoftkey.com/api/redemptioneventsDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
          • URL Reputation: safe
          unknown
          https://powerlift-frontdesk.acompli.netDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
          • URL Reputation: safe
          unknown
          https://tasks.office.comDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
          • URL Reputation: safe
          unknown
          https://officeci.azurewebsites.net/api/DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
          • URL Reputation: safe
          unknown
          https://sr.outlook.office.net/ws/speech/recognize/assistant/workDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
          • URL Reputation: safe
          unknown
          https://api.scheduler.DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
          • URL Reputation: safe
          unknown
          https://my.microsoftpersonalcontent.comDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalseunknown
          https://store.office.cn/addinstemplateDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
          • URL Reputation: safe
          unknown
          https://api.aadrm.comDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
          • URL Reputation: safe
          unknown
          https://d1nn1beycom2nr.cloudfront.net/uploads/user/KmlMVsvZPZQWos1O892sddtw/images/Prueba/logo-blanc~WRS{CE663225-8CD6-488C-9CBA-4C0AFB5AE90F}.tmp.0.drfalse
            unknown
            https://edge.skype.com/rpsDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
            • URL Reputation: safe
            unknown
            https://outlook.office.com/autosuggest/api/v1/init?cvid=DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalseunknown
            https://globaldisco.crm.dynamics.comDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
            • URL Reputation: safe
            unknown
            https://messaging.engagement.office.com/DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
            • URL Reputation: safe
            unknown
            https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
            • URL Reputation: safe
            unknown
            https://dev0-api.acompli.net/autodetectDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
            • URL Reputation: safe
            unknown
            https://www.odwebp.svc.msDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
            • URL Reputation: safe
            unknown
            https://api.diagnosticssdf.office.com/v2/feedbackDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
            • URL Reputation: safe
            unknown
            https://api.powerbi.com/v1.0/myorg/groupsDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
            • URL Reputation: safe
            unknown
            https://web.microsoftstream.com/video/DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
            • URL Reputation: safe
            unknown
            https://api.addins.store.officeppe.com/addinstemplateDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
            • URL Reputation: safe
            unknown
            https://d1nn1beycom2nr.cloudfront.net/uploads/user/KmlMVsvZPZQWos1O892sddtw/images/Prueba/invita-2.p~WRS{CE663225-8CD6-488C-9CBA-4C0AFB5AE90F}.tmp.0.drfalse
              unknown
              https://graph.windows.netDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
              • URL Reputation: safe
              unknown
              https://dataservice.o365filtering.com/DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
              • URL Reputation: safe
              unknown
              https://officesetup.getmicrosoftkey.comDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
              • URL Reputation: safe
              unknown
              https://analysis.windows.net/powerbi/apiDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
              • URL Reputation: safe
              unknown
              https://prod-global-autodetect.acompli.net/autodetectDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
              • URL Reputation: safe
              unknown
              https://substrate.office.comDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
              • URL Reputation: safe
              unknown
              https://outlook.office365.com/autodiscover/autodiscover.jsonDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
              • URL Reputation: safe
              unknown
              https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-iosDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
              • URL Reputation: safe
              unknown
              https://consent.config.office.com/consentcheckin/v1.0/consentsDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
              • URL Reputation: safe
              unknown
              https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
              • URL Reputation: safe
              unknown
              https://learningtools.onenote.com/learningtoolsapi/v2.0/GetvoicesDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
              • URL Reputation: safe
              unknown
              https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.jsonDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
              • URL Reputation: safe
              unknown
              https://d.docs.live.netDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalseunknown
              https://safelinks.protection.outlook.com/api/GetPolicyDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
              • URL Reputation: safe
              unknown
              https://ncus.contentsync.DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
              • URL Reputation: safe
              unknown
              https://onedrive.live.com/about/download/?windows10SyncClientInstalled=falseDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalseunknown
              https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
              • URL Reputation: safe
              unknown
              http://weather.service.msn.com/data.aspxDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
              • URL Reputation: safe
              unknown
              https://apis.live.net/v5.0/DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
              • URL Reputation: safe
              unknown
              https://officepyservice.office.net/service.functionalityDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
              • URL Reputation: safe
              unknown
              https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asksDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
              • URL Reputation: safe
              unknown
              https://templatesmetadata.office.net/DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
              • URL Reputation: safe
              unknown
              https://word.uservoice.com/forums/304948-word-for-ipad-iphone-iosDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
              • URL Reputation: safe
              unknown
              https://messaging.lifecycle.office.com/DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
              • URL Reputation: safe
              unknown
              https://autodiscover-s.outlook.com/autodiscover/autodiscover.xmlDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
              • URL Reputation: safe
              unknown
              https://mss.office.comDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
              • URL Reputation: safe
              unknown
              https://pushchannel.1drv.msDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
              • URL Reputation: safe
              unknown
              https://management.azure.comDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
              • URL Reputation: safe
              unknown
              https://outlook.office365.comDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
              • URL Reputation: safe
              unknown
              https://wus2.contentsync.DA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
              • URL Reputation: safe
              unknown
              https://incidents.diagnostics.office.comDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
              • URL Reputation: safe
              unknown
              https://clients.config.office.net/user/v1.0/iosDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
              • URL Reputation: safe
              unknown
              https://d1nn1beycom2nr.cloudfront.net/uploads/user/KmlMVsvZPZQWos1O892sddtw/images/Prueba/acumula-2.~WRS{CE663225-8CD6-488C-9CBA-4C0AFB5AE90F}.tmp.0.drfalse
                unknown
                https://make.powerautomate.comDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
                • URL Reputation: safe
                unknown
                https://api.addins.omex.office.net/api/addins/searchDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
                • URL Reputation: safe
                unknown
                https://d1nn1beycom2nr.cloudfront.net/uploads/user/KmlMVsvZPZQWos1O892sddtw/images/Prueba/header-CDR~WRS{CE663225-8CD6-488C-9CBA-4C0AFB5AE90F}.tmp.0.drfalse
                  unknown
                  https://insertmedia.bing.office.net/odc/insertmediaDA16397E-5730-4E67-AF41-DBF67EB8BEC7.0.drfalse
                  • URL Reputation: safe
                  unknown
                  No contacted IP infos
                  Joe Sandbox version:41.0.0 Charoite
                  Analysis ID:1532985
                  Start date and time:2024-10-14 08:57:57 +02:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 5m 9s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:default.jbs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of new started processes analysed:9
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Sample name:Handling p#U00e5kr#U00e6vet..msg
                  renamed because original name is a hash value
                  Original Sample Name:Handling pkrvet..msg
                  Detection:CLEAN
                  Classification:clean1.winMSG@3/28@0/0
                  EGA Information:Failed
                  HCA Information:
                  • Successful, ratio: 100%
                  • Number of executed functions: 0
                  • Number of non-executed functions: 0
                  Cookbook Comments:
                  • Found application associated with file extension: .msg
                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                  • Excluded IPs from analysis (whitelisted): 52.109.89.18, 52.113.194.132, 52.109.76.243, 2.19.126.151, 2.19.126.160, 20.42.73.24
                  • Excluded domains from analysis (whitelisted): omex.cdn.office.net, slscr.update.microsoft.com, onedscolprdeus03.eastus.cloudapp.azure.com, weu-azsc-config.officeapps.live.com, eur.roaming1.live.com.akadns.net, neu-azsc-000.roaming.officeapps.live.com, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, ocsp.digicert.com, login.live.com, officeclient.microsoft.com, a1864.dscd.akamai.net, ecs.office.com, prod.configsvc1.live.com.akadns.net, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, s-0005.s-msedge.net, config.officeapps.live.com, osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com, ecs.office.trafficmanager.net, omex.cdn.office.net.akamaized.net, europe.configsvc1.live.com.akadns.net, mobile.events.data.trafficmanager.net
                  • Not all processes were analyzed, report is missing behavior information
                  • Report size getting too big, too many NtQueryAttributesFile calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.
                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                  No simulations
                  Input: URL: Email Model: jbxai
                  Output:
                  {
                  "brands":["Brobizz"],
                  "text":"Kre kunde Vi har desvrre ikke kunnet behandle din seneste betaling,
                   muligvis p grund af problemer med dine faktureringsoplysninger. For at sikre uafbrudt adgang til vores tjenester,
                   bedes du venligst opdatere dine oplysninger via nedenstende link: Opdateringscenter Hvis du har sprgsml eller brug for hjlp,
                   str vores kundesupport klar til at assistere dig. Vi takker for din hurtige opmrksomhed. Med venlig hilsen,
                   Brobizz Teamet",
                  "contains_trigger_text":true,
                  "trigger_text":"Globi",
                  "prominent_button_name":"Opdateringscenter",
                  "text_input_field_labels":"unknown",
                  "pdf_icon_visible":false,
                  "has_visible_captcha":false,
                  "has_urgent_text":false,
                  "has_visible_qrcode":false}
                  No context
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):231348
                  Entropy (8bit):4.388351414411446
                  Encrypted:false
                  SSDEEP:3072:NQgRcxghmiGu2wYqoQFrt0FviJu9Bu3JYF:NiSmi2wFXu9Bu32
                  MD5:43A5F3FA5BC6B4F95367C7DF14008696
                  SHA1:9627B378947A651CAA0E169EE84ECB047F2A5CC9
                  SHA-256:17CE7EC77755F9DA81122C69EF3099B5FA4C4E9B5252793F5B2E1DBC56F64FFE
                  SHA-512:01A60032E02170E441846743227994F8F98A02619ABFB288A1770DBF0E70D9EA4A813C6887F5E9CDB01FD1EA19D2FF8D55C5D85FF75879BCBE1629B1C61EEC2E
                  Malicious:false
                  Reputation:low
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:ASCII text, with very long lines (65536), with no line terminators
                  Category:dropped
                  Size (bytes):322260
                  Entropy (8bit):4.000299760592446
                  Encrypted:false
                  SSDEEP:6144:dztCFLNyoAHq5Rv2SCtUTnRe4N2+A/3oKBL37GZbTSB+pMZIrh:HMLgvKz9CtgRemO3oUHi3SBSMZIl
                  MD5:CC90D669144261B198DEAD45AA266572
                  SHA1:EF164048A8BC8BD3A015CF63E78BDAC720071305
                  SHA-256:89C701EEFF939A44F28921FD85365ECD87041935DCD0FE0BAF04957DA12C9899
                  SHA-512:16F8A8A6DCBAEAEFB88C7CFF910BCCC71B76A723CF808B810F500E28E543112C2FAE2491D4D209569BD810490EDFF564A2B084709B02963BCAF6FDF1AEEC59AC
                  Malicious:false
                  Reputation:high, very likely benign file
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:ASCII text, with no line terminators
                  Category:dropped
                  Size (bytes):10
                  Entropy (8bit):2.6464393446710157
                  Encrypted:false
                  SSDEEP:3:LNddla:hddY
                  MD5:A07698C6D6470C389700BC4F898F2B84
                  SHA1:7F019E48C5D82DA3956E7C811F49CD7083733054
                  SHA-256:9D13EAFCC1F1B1D85A4ACA087DD48FE0643BCE6FE0B1FEE74908B3E0541AF117
                  SHA-512:6303A84C72767D02593F863B3AB5DA5D15A5BA3F71CC67E99385616B8C623DFC7787298442FD8995754EB51214F4191A11AA2E3962707CB82D906F73C06AE4E9
                  Malicious:false
                  Reputation:low
                  Preview:1728889163
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):178099
                  Entropy (8bit):5.290521966688597
                  Encrypted:false
                  SSDEEP:1536:6i2XfRAqcbH41gwEwLe7HW8bM/o/NMdcAZl1p5ihs7EXXDEAD2Odago:PCe7HW8bM/o/TXgk9o
                  MD5:4AD2C15B0DDBA64E42C31F0983B9C835
                  SHA1:750F94533A8E7DD5B75B04ABBF234EC23D38991C
                  SHA-256:6FB0C5A3A1431C229734CA3BE61E8FAFA22E506FF7999EE92B7A66C8A798908A
                  SHA-512:A17671E24C6E1FA29AE56EB502AA806D9110279D62F2D76923337636A186A3F102BB9806EA4B1CA4CF46D8736CCA1278083E75582B49124E9E3F3A5419A4B1E5
                  Malicious:false
                  Reputation:low
                  Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-10-14T06:59:20">.. Build: 16.0.18204.40137-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:SQLite 3.x database, last written using SQLite version 3034001, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                  Category:dropped
                  Size (bytes):4096
                  Entropy (8bit):0.09304735440217722
                  Encrypted:false
                  SSDEEP:3:lSWFN3l/klslpEl9Xll:l9F8E+9
                  MD5:D0DE7DB24F7B0C0FE636B34E253F1562
                  SHA1:6EF2957FDEDDC3EB84974F136C22E39553287B80
                  SHA-256:B6DC74E4A39FFA38ED8C93D58AADEB7E7A0674DAC1152AF413E9DA7313ADE6ED
                  SHA-512:42D00510CD9771CE63D44991EA10C10C8FBCF69DF08819D60B7F8E7B0F9B1D385AE26912C847A024D1D127EC098904784147218869AE8D2050BCE9B306DB2DDE
                  Malicious:false
                  Reputation:high, very likely benign file
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:SQLite Rollback Journal
                  Category:dropped
                  Size (bytes):4616
                  Entropy (8bit):0.13681650948595175
                  Encrypted:false
                  SSDEEP:3:7FEG2l+kvP1K/FllkpMRgSWbNFl/sl+ltlslN04l9Xlly:7+/lbvPwg9bNFlEs1E39K
                  MD5:AFE3E5D0ACE964D8C6190A57E18EFC84
                  SHA1:84587436412199BA53915769FE78BBA9A43C78F8
                  SHA-256:B07593E1FF16DAA118DF43D13EF72A4AA4CEA8E689A288CE65424F3881F41A7F
                  SHA-512:B15648B7129EDF952B5C51B2E9B4F21B2D5348FA399FFE58CCE9D4B984841A0B5604AD99894B9A213647FD9D4AB752B494A3938ADB55C8E8C8229621D3A3AD4A
                  Malicious:false
                  Reputation:low
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):32768
                  Entropy (8bit):0.04486648292292196
                  Encrypted:false
                  SSDEEP:3:G4l2i4v7CBtl2i4v7CZslL9//Xlvlll1lllwlvlllglbXdbllAlldl+l:G4l2i4v+Btl2i4v+ZEL9XXPH4l942U
                  MD5:55E8E16F8A7E0459A62EFF10945FD082
                  SHA1:64B8D26720027FE9A133783184E2759E08396571
                  SHA-256:10189DB7BB0BD91A11F65B5DAF53B534F10D7ABA37E99167634867FA0255E4B7
                  SHA-512:F1A54BBC9C00C9418AEBDCE1D854D635BFDA43347D8C799EBE1E98ABB90E2451C09964EBE9B06A840F0DDFA1B0B6D5342645E84A2BE8413FD082C5E270F2BF8B
                  Malicious:false
                  Reputation:low
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:SQLite Write-Ahead Log, version 3007000
                  Category:modified
                  Size (bytes):45352
                  Entropy (8bit):0.39405495825144704
                  Encrypted:false
                  SSDEEP:24:KA3UyQMIzRDW2ill7DBtDi4kZERDdxqt8VtbDBtDi4kZERDezvF:N3UyQjtill7DYM5xO8VFDYMq7
                  MD5:92FFF5C3AFC79024063DA7733DEADE50
                  SHA1:DC191EB5A6806ADB4DE5A58C765449607830A59D
                  SHA-256:6D0C794778A31B1A8CBFB7738827A99D814BD8C0B13CBBE16992206212FE6D1D
                  SHA-512:1682C9F8AA734E72A5E586810F5B99930050F80B2124F31A0D6C047D8D7224FD82ABC6CDA6BDB8A9512AA10A5026FA52748A79D96264886370115AE2448434E3
                  Malicious:false
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):1024
                  Entropy (8bit):0.03351732319703582
                  Encrypted:false
                  SSDEEP:3:ol3lG:40
                  MD5:830FBF83999E052538EAF156AB6ECB17
                  SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                  SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                  SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                  Malicious:false
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):1024
                  Entropy (8bit):0.03351732319703582
                  Encrypted:false
                  SSDEEP:3:ol3lG:40
                  MD5:830FBF83999E052538EAF156AB6ECB17
                  SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                  SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                  SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                  Malicious:false
                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):1024
                  Entropy (8bit):0.03351732319703582
                  Encrypted:false
                  SSDEEP:3:ol3lG:40
                  MD5:830FBF83999E052538EAF156AB6ECB17
                  SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                  SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                  SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                  Malicious:false
                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):1024
                  Entropy (8bit):0.03351732319703582
                  Encrypted:false
                  SSDEEP:3:ol3lG:40
                  MD5:830FBF83999E052538EAF156AB6ECB17
                  SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                  SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                  SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                  Malicious:false
                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):1024
                  Entropy (8bit):0.03351732319703582
                  Encrypted:false
                  SSDEEP:3:ol3lG:40
                  MD5:830FBF83999E052538EAF156AB6ECB17
                  SHA1:9F6C69FA4232801D3A4857C630BA7A719662135A
                  SHA-256:D5098A2CEAE815DB29CD53C76F85240C95DC4D2E3FEDDD71D628617064C29869
                  SHA-512:A83E2E9D5274F0065A26C306F355E9590D6126297EAD87AF053CC78FB64CB31694C533139F72686C77FC772148181D8AAE973E65978D04E5F20F6F6C6BA0A013
                  Malicious:false
                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):18944
                  Entropy (8bit):3.494282117028148
                  Encrypted:false
                  SSDEEP:192:lhqVB77RKzzKUKloK4Jn77dKFq7K5j77WK5L77MK9:lIB77Nu778Fj77xL77P
                  MD5:FA33A07110B071F44E20AAA56B2B0B1F
                  SHA1:0C943F2EADBC152D512F151C9836C7763995B127
                  SHA-256:FFAF7AD74084B180113DD4E9C8C8F22B8ED4B310B822DAAB58E170E952301818
                  SHA-512:31747270EDD26F0EE109F488C8AB58813BA8889D9D2F3C450A486943F03167231AEE48E3B2667D19E77DE3A98D16710173ADB025F9ED05CCA0842D30BB6F9436
                  Malicious:false
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):81328
                  Entropy (8bit):4.310021697105419
                  Encrypted:false
                  SSDEEP:768:PXOOOOO2oz7cjDyay0cjTV+yWIslte9fSfgMgt5YasoFEEjEEEEEclJax8LTq:sGKs
                  MD5:FFCA6E3643F64843CE0EEC2A5B7BE146
                  SHA1:A6E1AE8CA37A3028988D3358EE4EFAE70201C36D
                  SHA-256:724B71249C7272E8F086623F69B9437D8BB835D98D0CFD246D04459C5317A2B9
                  SHA-512:E3D494C8E0B475DD8F9F0C4E421D7D004DFD22C789F6FCB664F4547C79341E7D9941662BDC26B845FABBEA02D9DED3AE1A9E3315035C9BA39AF98BAA12FE12F1
                  Malicious:false
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:ASCII text, with very long lines (28747), with CRLF line terminators
                  Category:dropped
                  Size (bytes):20971520
                  Entropy (8bit):0.17653133436033644
                  Encrypted:false
                  SSDEEP:1536:tqe4prySw3TKigofAG612TzMa1213pieXjmxDzxjxUJYHtdGSOd8Z+JLHSAcotyC:K2SsXgofAG612TR6xgZvvw
                  MD5:0E71A032FE5DC166021399E3FBB00142
                  SHA1:319DD7E363FEF7686EFF6032A8D602570C246B2D
                  SHA-256:587E717FEFD8DA59267808CA0E753CD6BE478E109299EDCBA2B5472496046CB3
                  SHA-512:64DAF356C92C180EBB415C5D3AEE5CD66A683F698822A6B26E82BE1F649FF6D236F1F9F00CF82E3A0712E9646C39CF059E198FCCF9B89219CFEDC7738BAFF6EA
                  Malicious:false
                  Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/14/2024 06:59:17.700.OUTLOOK (0x1AC8).0x1B08.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":21,"Time":"2024-10-14T06:59:17.700Z","Contract":"Office.System.Activity","Activity.CV":"RoYaIfCJGkOb0W++T5qR0w.4.9","Activity.Duration":13,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...10/14/2024 06:59:17.716.OUTLOOK (0x1AC8).0x1B08.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":23,"Time":"2024-10-14T06:59:17.716Z","Contract":"Office.System.Activity","Activity.CV":"RoYaIfCJGkOb0W++T5qR0w.4.10","Activity.Duration":12173,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorV
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):20971520
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3::
                  MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                  SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                  SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                  SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                  Malicious:false
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):98304
                  Entropy (8bit):4.485151224977112
                  Encrypted:false
                  SSDEEP:768:QvAVcvODzQfYf50M42819dXLetXn6ptWZWaxWKWDIl8Jt:snw42819dXYXSIlS
                  MD5:0F12EEA74E561FF20DF990E96904B0A0
                  SHA1:CF2B63111BB1F66501C8902CA2F6BB5C5491716C
                  SHA-256:8CB62C7FF592B6A8EF74A98671F8ABC096E8454E8DF297DA021CFAA7CECC8F8C
                  SHA-512:6F779540F1A3B384B19D5467B58A4A2AC75A3BCE6573196EFF4AFD2DA4EA82888411663E0586BCA4EA6C87B08DA4378AEED82B7E63EEFDB4AA490E1BE39CFACF
                  Malicious:false
                  Preview:............................................................................b..................................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1...............................................................p..........................v.2._.O.U.T.L.O.O.K.:.1.a.c.8.:.b.4.d.9.4.b.e.2.a.0.0.1.4.0.0.b.8.e.0.9.6.b.4.3.4.3.9.e.9.6.0.5...C.:.\.U.s.e.r.s.\.t.o.t.t.i.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.0.1.4.T.0.2.5.9.1.7.0.1.8.4.-.6.8.5.6...e.t.l.............P.P................................................................................................................................................................................................................................................................................................................
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):163840
                  Entropy (8bit):0.3958516156708735
                  Encrypted:false
                  SSDEEP:192:9+A0DcrldNjdplHRLhGfLXPaHWIAJc43UdAwAbAWW18hNgiXHWQOogNh/:gDcr3NjTxSfDaHAJc43UdnMQ1iXHOo
                  MD5:039F163862D7FC4EA6200CC548AFDBED
                  SHA1:C45F8902567895B7B37AD02BE43628169ED9E298
                  SHA-256:B7246CA1FCE9AB063A71D3460BA56347736ED9C3E6BF9A042070060DFDF33EFC
                  SHA-512:B217213E8D9773862D2367CDBB377CC187ADB2AF304A89291C6D4EF0955E2AE1B568BE3806E08643E4B14EA67F573E8460394373C95DA1FED2087C1D1FDBE5F0
                  Malicious:false
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):30
                  Entropy (8bit):1.2389205950315936
                  Encrypted:false
                  SSDEEP:3:J6Jt:
                  MD5:8000DB746AB581ABD47A8FE60F1A8AE7
                  SHA1:1C538159ED6E63E6124E987B9746F29012FC897C
                  SHA-256:F769EBF6EAFC26C7AF342A85C96EFF5ECB989EA457D06A60E4BBC622A41D3037
                  SHA-512:8314529571C5CAE18C1275B63762E7F167249CA7249C16CAE8DA81DEAFB4F7BFDEF0D8C5BE65105F58EC514D53B24534F02117946CEEEDDEAE562895D0A29BFA
                  Malicious:false
                  Preview:.....Q........................
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):16384
                  Entropy (8bit):0.6697301560635389
                  Encrypted:false
                  SSDEEP:12:rl3baFaqLKeTy2MyheC8T23BMyhe+S7wzQP9zNMyhe+S7xMyheCE2Bmj:rAmnq1Py961E2BG
                  MD5:86B0A5CE3779B75B683CD73C4236B651
                  SHA1:20886E7CEAC43338B2A4A3BE00FD97E0717AD342
                  SHA-256:3579ECB11D0F8492EE69C2A01C107C62C580A5BE8AF4755BDA3DBD1764DCC571
                  SHA-512:9EBFAA0273D6372EC95B6CAAF296B61D9E8D5AB7B0517CAAE64CDD9BB984C44620B3E687DDFF843A2FCBC64218B936CC5385E44183BA1F1E5DC67F57A9E8CCBA
                  Malicious:false
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:Microsoft Outlook email folder (>=2003)
                  Category:dropped
                  Size (bytes):271360
                  Entropy (8bit):1.5114635636491291
                  Encrypted:false
                  SSDEEP:768:gQcRqjtsdxcdsTzyYdm3X3ne7l01FBzghhtb0Gf8BUTIZ:BScYLdqX3eJ01rgNeNZ
                  MD5:9F41C0869C67A55F9391FB36E30CA5E2
                  SHA1:5E80023220E30739CC397ABB5A51CE482539FFFE
                  SHA-256:7F065952F4453A690D7473167D9398F31D71DF11378CB81194523307CA55E8D9
                  SHA-512:9C33B76A7F77DBAD0B1DC54EFD080FF5512B4C3DF3F3CE74CD35D98A5B471869E07828A32399E92A2B4088B0880C6B08601220B8E1C28F92ACBF11C30E53F906
                  Malicious:false
                  Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                  File Type:data
                  Category:dropped
                  Size (bytes):131072
                  Entropy (8bit):0.822301416532456
                  Encrypted:false
                  SSDEEP:192:G0DwjTIoOJMyDemQrzTJsHqJLAvvJMrxVIttxfly4H3C:GjTIXJTDenqHqCBSVIVC
                  MD5:8ABFB148310676EADA84A740319F3A26
                  SHA1:8DFA50A0C55F897D27F6FB88AF92D121B6B71FE6
                  SHA-256:ED48C07EFC3ECAB6060822C80AA3C8A024270784FE97010E3246CC8D9F761363
                  SHA-512:65DB5EBF3D233638664C39742F90059FDBC4A41DECAF7CF1980F2D74D866B670FC3D78B1CC26E910EDCD48BE3F0A6CB68D0D643EA0603E5A8DFF10B8B4FAA8A9
                  Malicious:false
                  File type:CDFV2 Microsoft Outlook Message
                  Entropy (8bit):6.189949653643886
                  TrID:
                  • Outlook Message (71009/1) 58.92%
                  • Outlook Form Template (41509/1) 34.44%
                  • Generic OLE2 / Multistream Compound File (8008/1) 6.64%
                  File name:Handling p#U00e5kr#U00e6vet..msg
                  File size:167'936 bytes
                  MD5:a949e1c85876bf284b5f40ec3f07060c
                  SHA1:941e2544a37128c209c8f3bded81ebfd44b26aaa
                  SHA256:b2e26874f30a3fd1d2c0d02f2039b0cfc7d75a4ba7273a71c36c99146fc9eb8a
                  SHA512:f18bf97162297a102b08ff7dc25cc9cc4743beb241de169ef630f555e0a5f981700170ec24047f7a5d4e7d3f65ec0bc92efff3bb3ca261fb53ba4d0f80ec9d77
                  SSDEEP:1536:+RFSe1GKlsaDBQ2TUQTWxP5ziggQJtkH0hQpZZNsW5DoB3MV+M+bZKU534gAGjBe:+BHRoIMcgBvkHcQp/roBSDGKU5oG
                  TLSH:0FF39E233E82490CF36C7E767DEAE14B91523CDAEEA0C5CBBBA5B31F183915A501052D
                  Subject:Handling påkrævet.
                  From:"Brobizz.dk" <kund@witbankmidas.co.za>
                  To:undisclosed-recipients:;
                  Cc:
                  BCC:
                  Date:Mon, 14 Oct 2024 07:42:22 +0200
                  Communications:
                  • Dear customer, We have unfortunately not been able to process your latest payment, possibly due to problems with your billing information. To ensure uninterrupted access to our services, please update your information via the link below: Update Center. If you have questions or need help, our customer support is ready to assist you. We thank you for your prompt attention.
                    Kind regards, BrobizzzTeamet
                    ________________________________
                    g Exclusive travel offers. Disneyland Paris awaits you. Now is the time to book! Are you up for your most magical getaway?
                    The long-awaited opening of sales for Disneyland Paris is here! Secure your getaway at Central de Reservas with a reference price of 100 per person per night and get ready to enjoy a truly unforgettable trip. Immerse yourself in a world of fantasy where every corner will surprise you. Book now and make your dreams come true!
                    Disney Hotel + Disneyland Paris tickets. *Conditions: Valid for bookings made between 26 August and 6 October 2024. The reference price of 100 per person per night is calculated on the basis of stays of 2 adults and 2 children at the Disney Sequoia Lodge hotel, with arrivals between 6 January and 5 February 2025. Arrivals on Fridays and Saturdays are excluded. Prefer tickets only?
                    Manage your bookings from My account. Enjoy the benefits of being a customer.
                    Earn money. Build up balance in your wallet by travelling with Central de Reservas. Invite a friend. Invite a friend and get balance for your next bookings.
                    Your trip insured. Travel with peace of mind. We have the best travel insurance. Follow us on social media.
                    Different Travel S.L.U. Plaza San Lorenzo, 2 - 22330 Aínsa (Huesca - Spain) - CAA113-1998/2024 Tel: 976 301 523 / International: +34 976 301 523 CONTACT. To prevent the newsletter from landing in your junk mail folder, add tusviajes@centraldereservas.com to your address book.
                    Following the entry into force of Law 34/2002 of 11 June on Information Society Services and Electronic Commerce, we inform you that you may revoke your consent to receive our newsletter service at any time, simply and free of charge. Different Travel SLU - Plaza San Lorenzo 2, 22330, Aínsa, Huesca
                  Attachments:
                    Key Value
                    Received: from webmailweb1.jnb1.host-h.net ([129.232.250.227] helo=webmailweb-jnb.konsoleh.co.za)
                    05:42:53 +0000
                    by GVXPR08MB10835.eurprd08.prod.outlook.com (2603:10a6:150:15b::9) with
                    2024 05:42:46 +0000
                    (2603:10a6:10:4fa::27) with Microsoft SMTP Server (version=TLS1_2,
                    Transport; Mon, 14 Oct 2024 05:42:46 +0000
                    Authentication-Results: spf=pass (sender IP is 129.232.250.59)
                    Received-SPF: pass (in12l.electric.net: domain of witbankmidas.co.za
                    15.20.8048.13 via Frontend Transport; Mon, 14 Oct 2024 05:42:44 +0000
                    Sun, 13 Oct 2024 22:42:43 -0700
                    Authentication-Results-Original: in12l.electric.net; iprev=pass
                    DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
                    d=witbankmidas.co.za; s=xneelo; h=Content-Type:Message-ID:Subject:To:From:
                    Date:MIME-Version:reply-to:sender:cc:bcc:in-reply-to:references:
                    by antispam1-jnb1.host-h.net with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256)
                    id 1t0Dqc-008Jl4-Me; Mon, 14 Oct 2024 07:42:33 +0200
                    Mon, 14 Oct 2024 07:42:23 +0200
                    Date: Mon, 14 Oct 2024 07:42:22 +0200
                    From: "Brobizz.dk" <kund@witbankmidas.co.za>
                    To: undisclosed-recipients:;
                    Subject: =?UTF-8?Q?Handling_p=C3=A5kr=C3=A6vet=2E?=
                    Message-ID: <7c0b4f3ae8dc52627cd5c128546cf7a2@witbankmidas.co.za>
                    X-Sender: kund@witbankmidas.co.za
                    X-Authenticated-Sender: kund@witbankmidas.co.za
                    X-Virus-Scanned: Clear
                    X-Originating-IP: 129.232.249.152
                    X-SpamExperts-Domain: witbankmidas.co.za
                    X-SpamExperts-Username: Authentication-Results-Original: host-h.net; auth=pass (login)
                    X-SpamExperts-Outgoing-Class: unsure
                    X-SpamExperts-Outgoing-Evidence: Combined (0.48)
                    X-Recommended-Action: accept
                    X-Filter-ID: Pt3MvcO5N4iKaDQ5O6lkdGlMVN6RH8bjRMzItlySaT8Ga6yfBoRne5Iuy1OYqx5qPUtbdvnXkggZ
                    X-Report-Abuse-To: spam@antispamquarantine.host-h.net
                    X-FM-OS: Linux 2.2.x-3.x
                    X-FM-GeoIP: ZA
                    X-Proto: esmtps
                    X-Revdns: outgoing11.jnb.host-h.net
                    X-HELO: outgoing11.jnb.host-h.net
                    X-TLS: TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256
                    X-Authenticated_ID: X-Origin-IP: 129.232.250.59
                    X-Env-From: kund@witbankmidas.co.za
                    X-DKIM: pass
                    X-DMARC: norecord
                    X-PolicySMART: 23195708, 25689458, 31594537, 8340662, 8321732, 9059492, 9474902, 11159222, 20744282, 11258617, 32344927, 25275308, 36678277, 30437078, 27251947, 13639867, 11258677, 11265007, 25247288, 28867358, 29807918, 29895488, 29895518, 29895548, 30153698, 30567998, 30567968, 30921667, 31204237, 31207807, 29827838, 29842328, 30153728, 29881988, 32501437, 37048897, 25275278
                    MIME-Version: 1.0
                    Content-Type: multipart/alternative; boundary="=_deea7af0c18232198398e3e4ce6c8ccf"
                    X-Comendo-ID: 670CAF5226A69F31F09C33774F93F45E
                    X-SPAM-Status: NO, 0.0 / 5.0
                    X-VIPRE-Scanners: virus_clamav;virus_bd;spam_clamav;urld;spam_bd;yara:1.0.5.530;
                    Return-Path: kund@witbankmidas.co.za
                    X-MS-Exchange-Organization-ExpirationStartTime: 14 Oct 2024 05:42:44.4757
                    X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
                    X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
                    X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
                    X-MS-Exchange-Organization-Network-Message-Id: db58a06a-66ef-4170-f9d4-08dcec1306f0
                    X-EOPAttributedMessage: 0
                    X-EOPTenantAttributedMessage: 7cb704f0-946d-416b-9582-4926034e2bb2:0
                    X-MS-Exchange-Organization-MessageDirectionality: Incoming
                    X-MS-Exchange-SkipListedInternetSender: ip=[129.232.250.59];domain=outgoing11.jnb.host-h.net
                    X-MS-Exchange-ExternalOriginalInternetSender: ip=[129.232.250.59];domain=outgoing11.jnb.host-h.net
                    X-MS-PublicTrafficType: Email
                    X-MS-TrafficTypeDiagnostic: DU2PEPF0001E9C3:EE_|GVXPR08MB10835:EE_|DBBPR08MB10591:EE_
                    X-MS-Exchange-Organization-AuthSource: DU2PEPF0001E9C3.eurprd03.prod.outlook.com
                    X-MS-Exchange-Organization-AuthAs: Anonymous
                    X-MS-Office365-Filtering-Correlation-Id: db58a06a-66ef-4170-f9d4-08dcec1306f0
                    X-MS-Exchange-AtpMessageProperties: SA|SL
                    X-MS-Exchange-Organization-SCL: 5
                    X-Forefront-Antispam-Report: CIP:89.104.206.19;CTRY:ZA;LANG:es;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:outgoing11.jnb.host-h.net;PTR:outgoing11.jnb.host-h.net;CAT:PHISH;SFS:(13230040)(5073199012)(5063199012)(4123199012)(69100299015)(1032899013)(82310400026)(15013499015);DIR:INB;
                    X-Microsoft-Antispam: BCL:0;ARA:13230040|5073199012|5063199012|4123199012|69100299015|1032899013|82310400026|15013499015;
                    X-MS-Exchange-CrossTenant-OriginalArrivalTime: 14 Oct 2024 05:42:44.4601
                    X-MS-Exchange-CrossTenant-Network-Message-Id: db58a06a-66ef-4170-f9d4-08dcec1306f0
                    X-MS-Exchange-CrossTenant-Id: 7cb704f0-946d-416b-9582-4926034e2bb2
                    X-MS-Exchange-CrossTenant-AuthSource: DU2PEPF0001E9C3.eurprd03.prod.outlook.com
                    X-MS-Exchange-CrossTenant-AuthAs: Anonymous
                    X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
                    X-MS-Exchange-Transport-CrossTenantHeadersStamped: GVXPR08MB10835
                    X-MS-Exchange-Transport-EndToEndLatency: 00:00:09.3423422
                    X-MS-Exchange-Processed-By-BccFoldering: 15.20.8048.018
                    X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:J;OFR:SpamFilterAuthJ;ENG:(910001)(944506478)(944626604)(920097)(930097)(3100021)(140003)(1420198);RF:JunkEmail;
                    X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?AgAWU8L8MGNsbFRP9D0l8BAzGzEd0/3izCojf5vUd4bJVzsWlgxCsclkb6A8?=
                    date: Mon, 14 Oct 2024 07:42:22 +0200

                    Icon Hash:c4e1928eacb280a2
                    No network behavior found


                    Target ID:0
                    Start time:02:59:13
                    Start date:14/10/2024
                    Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                    Wow64 process (32bit):true
                    Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /f "C:\Users\user\Desktop\Handling p#U00e5kr#U00e6vet..msg"
                    Imagebase:0xa0000
                    File size:34'446'744 bytes
                    MD5 hash:91A5292942864110ED734005B7E005C0
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:false

                    Target ID:4
                    Start time:02:59:19
                    Start date:14/10/2024
                    Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "BC50F963-EA67-4F56-BA39-EEBA6AD68FA7" "90EA30BC-853E-4F4E-A406-0530445FAF23" "6856" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                    Imagebase:0x7ff6a2a00000
                    File size:710'048 bytes
                    MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:false

                    No disassembly