Windows Analysis Report
Updates f#U00fcr Ihr DigiKey-Konto.eml

Overview

General Information

Sample name: Updates f#U00fcr Ihr DigiKey-Konto.eml
renamed because original name is a hash value
Original sample name: Updates für Ihr DigiKey-Konto.eml
Analysis ID: 1532994
MD5: 90d118777d9297e8337a29867d279626
SHA1: be84ed5ba58d80e561730854908e69ab8d126a96
SHA256: 75c1bda2422df3689b9e0d773649b7d9ac9e86da35506389426d6c5fa6f68998

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Queries the volume information (name, serial number etc) of a device
Sigma detected: Office Autorun Keys Modification

Classification

  • System is w10x64
  • OUTLOOK.EXE (PID: 7836 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Updates f#U00fcr Ihr DigiKey-Konto.eml" MD5: 91A5292942864110ED734005B7E005C0)
    • ai.exe (PID: 7480 cmdline: "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "AED3CF7C-BB3A-4269-B858-3D3575017780" "2E97C19A-80CB-4608-9EDA-D18B55C11E4E" "7836" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx" MD5: EC652BEDD90E089D9406AFED89A8A8BD)
  • cleanup
No configs have been found
No yara matches
Source: Registry Key set
Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split)
Data: Details: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE, ProcessId: 7836, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Addins\OneNote.OutlookAddin\1
No Suricata rule has matched


There are no malicious signatures.

Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://safelinks.protection.outlook.com/api/GetPolicy
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://service.officepy.microsoftusercontent.com/
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://service.powerapps.com
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://settings.outlook.com
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://shell.suite.office.com:1443
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://skyapi.live.net/Activity/
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://staging.cortana.ai
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://store.office.cn/addinstemplate
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://store.office.de/addinstemplate
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://substrate.office.com
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://tasks.office.com
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://templatesmetadata.office.net/
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://useraudit.o365auditrealtimeingestion.manage.office.com
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://webshell.suite.office.com
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://wus2.contentsync.
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://wus2.pagecontentsync.
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://www.odwebp.svc.ms
Source: 62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drString found in binary or memory: https://www.yammer.com
Source: classification engine Classification label: clean1.winEML@3/17@0/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20241014T0313050262-7836.etl
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Updates f#U00fcr Ihr DigiKey-Konto.eml"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process created: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe "C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "AED3CF7C-BB3A-4269-B858-3D3575017780" "2E97C19A-80CB-4608-9EDA-D18B55C11E4E" "7836" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: c2r64.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{F959DBBB-3867-41F2-8E5F-3B8BEFAA81B3}\InprocServer32
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Window found: window name: SysTabControl32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File Volume queried: C:\Windows\SysWOW64 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information queried: ProcessInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Queries volume information: C:\Program Files (x86)\Microsoft Office\root\Office16\AI\WordCombinedFloatieLreOnline.onnx VolumeInformation
Source: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Behavior Graph (image not reproduced): ID: 1532994; Sample: Updates f#U00fcr Ihr DigiKe...; Startdate: 14/10/2024; Architecture: WINDOWS; Score: 1. Process tree: OUTLOOK.EXE started ai.exe.

No Antivirus matches
No contacted domains info
                https://graph.ppe.windows.net62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                • URL Reputation: safe
                unknown
                https://res.getmicrosoftkey.com/api/redemptionevents62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                • URL Reputation: safe
                unknown
                https://powerlift-frontdesk.acompli.net62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                • URL Reputation: safe
                unknown
                https://tasks.office.com62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                • URL Reputation: safe
                unknown
                https://officeci.azurewebsites.net/api/62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                • URL Reputation: safe
                unknown
                https://sr.outlook.office.net/ws/speech/recognize/assistant/work62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                • URL Reputation: safe
                unknown
                https://api.scheduler.62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                • URL Reputation: safe
                unknown
                https://my.microsoftpersonalcontent.com62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                  unknown
                  https://store.office.cn/addinstemplate62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                  • URL Reputation: safe
                  unknown
                  https://api.aadrm.com62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                  • URL Reputation: safe
                  unknown
                  https://edge.skype.com/rps62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                  • URL Reputation: safe
                  unknown
                  https://outlook.office.com/autosuggest/api/v1/init?cvid=62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                    unknown
                    https://globaldisco.crm.dynamics.com62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://messaging.engagement.office.com/62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://dev0-api.acompli.net/autodetect62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://www.odwebp.svc.ms62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://api.diagnosticssdf.office.com/v2/feedback62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://api.powerbi.com/v1.0/myorg/groups62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://web.microsoftstream.com/video/62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://api.addins.store.officeppe.com/addinstemplate62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://graph.windows.net62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://dataservice.o365filtering.com/62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://officesetup.getmicrosoftkey.com62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://analysis.windows.net/powerbi/api62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://prod-global-autodetect.acompli.net/autodetect62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://substrate.office.com62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://outlook.office365.com/autodiscover/autodiscover.json62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://consent.config.office.com/consentcheckin/v1.0/consents62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                    • URL Reputation: safe
                    unknown
                    https://d.docs.live.net62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                      unknown
                      https://safelinks.protection.outlook.com/api/GetPolicy62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://ncus.contentsync.62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                      • URL Reputation: safe
                      unknown
                      https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                        unknown
                        https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                        • URL Reputation: safe
                        unknown
                        http://weather.service.msn.com/data.aspx62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                        • URL Reputation: safe
                        unknown
                        https://apis.live.net/v5.0/62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                        • URL Reputation: safe
                        unknown
                        https://officepyservice.office.net/service.functionality62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                        • URL Reputation: safe
                        unknown
                        https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                        • URL Reputation: safe
                        unknown
                        https://templatesmetadata.office.net/62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                        • URL Reputation: safe
                        unknown
                        https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                        • URL Reputation: safe
                        unknown
                        https://messaging.lifecycle.office.com/62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                        • URL Reputation: safe
                        unknown
                        https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                        • URL Reputation: safe
                        unknown
                        https://mss.office.com62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                        • URL Reputation: safe
                        unknown
                        https://pushchannel.1drv.ms62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                        • URL Reputation: safe
                        unknown
                        https://management.azure.com62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                        • URL Reputation: safe
                        unknown
                        https://outlook.office365.com62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                        • URL Reputation: safe
                        unknown
                        https://wus2.contentsync.62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                        • URL Reputation: safe
                        unknown
                        https://incidents.diagnostics.office.com62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                        • URL Reputation: safe
                        unknown
                        https://clients.config.office.net/user/v1.0/ios62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                        • URL Reputation: safe
                        unknown
                        https://make.powerautomate.com62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                        • URL Reputation: safe
                        unknown
                        https://api.addins.omex.office.net/api/addins/search62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                        • URL Reputation: safe
                        unknown
                        https://insertmedia.bing.office.net/odc/insertmedia62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                        • URL Reputation: safe
                        unknown
                        https://outlook.office365.com/api/v1.0/me/Activities62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                        • URL Reputation: safe
                        unknown
                        https://api.office.net62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                        • URL Reputation: safe
                        unknown
                        https://incidents.diagnosticssdf.office.com62D34518-01F8-4111-BDC4-6AF14DE600DE.0.drfalse
                        • URL Reputation: safe
                        unknown
                        No contacted IP infos
                        Joe Sandbox version:41.0.0 Charoite
                        Analysis ID:1532994
                        Start date and time:2024-10-14 09:11:41 +02:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 4m 55s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of analysed new started processes analysed:8
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:Updates f#U00fcr Ihr DigiKey-Konto.eml
                        renamed because original name is a hash value
                        Original Sample Name:Updates fr Ihr DigiKey-Konto.eml
                        Detection:CLEAN
                        Classification:clean1.winEML@3/17@0/0
                        EGA Information:Failed
                        HCA Information:
                        • Successful, ratio: 100%
                        • Number of executed functions: 0
                        • Number of non-executed functions: 0
                        Cookbook Comments:
                        • Found application associated with file extension: .eml
                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                        • Excluded IPs from analysis (whitelisted): 52.109.76.240, 184.28.90.27, 52.113.194.132, 52.111.231.25, 52.111.231.24, 52.111.231.26, 52.111.231.23, 52.168.117.168
                        • Excluded domains from analysis (whitelisted): ecs.office.com, fs.microsoft.com, slscr.update.microsoft.com, prod.configsvc1.live.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, s-0005-office.config.skype.com, mobile.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, ecs-office.s-0005.s-msedge.net, prod1.naturallanguageeditorservice.osi.office.net.akadns.net, neu-azsc-config.officeapps.live.com, nleditor.osi.office.net, prod-eu-resolver.naturallanguageeditorservice.osi.office.net.akadns.net, s-0005.s-msedge.net, config.officeapps.live.com, e16604.g.akamaiedge.net, onedscolprdeus07.eastus.cloudapp.azure.com, officeclient.microsoft.com, ecs.office.trafficmanager.net, prod.fs.microsoft.com.akadns.net, europe.configsvc1.live.com.akadns.net, mobile.events.data.trafficmanager.net
                        • Not all processes where analyzed, report is missing behavior information
                        • Report size getting too big, too many NtQueryAttributesFile calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.
                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                        • VT rate limit hit for: Updates f#U00fcr Ihr DigiKey-Konto.eml
                        No simulations
                        InputOutput
                        URL: Email Model: jbxai
                        {
                        "brands":["DigiKey"],
                        "text":"Bitte stellen Sie sicher, dass Ihre Rechnungs- und Zahlungsinformationen korrekt sind.",
                        "contains_trigger_text":true,
                        "trigger_text":"Globi",
                        "prominent_button_name":"unknown",
                        "text_input_field_labels":"unknown",
                        "pdf_icon_visible":false,
                        "has_visible_captcha":false,
                        "has_urgent_text":true,
                        "has_visible_qrcode":false}
                        No context
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:data
                        Category:dropped
                        Size (bytes):231348
                        Entropy (8bit):4.37654067868604
                        Encrypted:false
                        Malicious:false
                        Reputation:low
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:XML 1.0 document, ASCII text, with very long lines (2147), with no line terminators
                        Category:modified
                        Size (bytes):2147
                        Entropy (8bit):5.077276736118101
                        Encrypted:false
                        Malicious:false
                        Reputation:low
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):521377
                        Entropy (8bit):4.9084889265453135
                        Encrypted:false
                        Malicious:false
                        Reputation:moderate, very likely benign file
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:TrueType Font data, 17 tables, 1st "GDEF", 15 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoRegularGoogle:Roboto Regular:2016Version 3.
                        Category:dropped
                        Size (bytes):469544
                        Entropy (8bit):6.8480115015387035
                        Encrypted:false
                        Malicious:false
                        Reputation:moderate, very likely benign file
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:TrueType Font data, 17 tables, 1st "GDEF", 15 names, Microsoft, language 0x409, Copyright 2011 Google Inc. All Rights Reserved.RobotoBoldGoogle:Roboto Bold:2016Roboto BoldVersi
                        Category:dropped
                        Size (bytes):471760
                        Entropy (8bit):6.849571568567551
                        Encrypted:false
                        Malicious:false
                        Reputation:moderate, very likely benign file
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_40RegularVersion 4.40;O365
                        Category:dropped
                        Size (bytes):773040
                        Entropy (8bit):6.55939673749297
                        Encrypted:false
                        Malicious:false
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):178099
                        Entropy (8bit):5.290521745486669
                        Encrypted:false
                        Malicious:false
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:data
                        Category:dropped
                        Size (bytes):32768
                        Entropy (8bit):0.04591939678467531
                        Encrypted:false
                        Malicious:false
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:SQLite Write-Ahead Log, version 3007000
                        Category:dropped
                        Size (bytes):49472
                        Entropy (8bit):0.48394719344180986
                        Encrypted:false
                        SSDEEP:48:VOlFuTQ1acXLUll7DYMayqpzO8VFDYMaLBwNSBO8VFDYML:VOLuUQcXYll4LyqFjVGLLBwN4jVGC
                        MD5:94BC74463574AAB6A90452E98548ECF3
                        SHA1:C9A48A0F45F94128AD3438B6A4629B4E4D2B1A0E
                        SHA-256:803BC264476101CB31F7DFDCD7E25884CE30E5F8DA6715128F238F9C680AE9E3
                        SHA-512:475504DAD4D6E5F25DC6A7EB43E404EE10883EA4D773C2D58F8EF8A720C65D11449747FC8C458A88FAD752C6ACD9CC07D38B0F3BF4FD8F0A9074598A667DC784
                        Malicious:false
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:data
                        Category:dropped
                        Size (bytes):45672
                        Entropy (8bit):4.827155044392047
                        Encrypted:false
                        SSDEEP:384:0QQQgQ+Qg4dO+mmtOTgT+TgT+a1g64OXMttiOaddOcV4+6jjjjjjegOFd1dvPZpw:lxYNObVh6jjjjjjelPd3BOR
                        MD5:5DB1828D825E3A84DA32DCFDB197B815
                        SHA1:61BE0C98C8DCF274B658D75378433DD83AB4B1DA
                        SHA-256:5AAF1D9E352A175CF89CA30894043C1799A084B7477FC8A12A9610674AA3F890
                        SHA-512:CBBE0E1608B9952A4944D79CD94797E3416ED16572B78210E4A31243514ABA108A253EC4D40D28B6A7E34BF0A59D8CB654F7CB9F548C1E1195D2F759ABB08DA4
                        Malicious:false
                        Preview:....U.p.d.a.t.e.s. .z.u. .I.h.r.e.m. .T.e.r.m.i.n.k.o.n.t.o. .i.m. .v.i.e.r.t.e.n. .Q.u.a.r.t.a.l. ..... .. ... .. ... .. ... .. ... .. ... .. ... .. ... .. ... .. ... .. ... .. ... .. ... .. ... .. ... .. ... .. ... .. ... .. ... .. ... .. ... .. ... .. .... ... .. ... .. ... .. ... .. ... .. ... .. ... .. ... .. ... .. ... .. ... .. ... .. ... .. ... .. ... .. ... .. ... .. ... .. ... .. ... .. ... .. ... .. .... ... .. ... .. ... .. ... .. ... .. ... ...............f........................................................................... ..."...$....................................................................................................................................................................................................................................................................................................................................$.a$.*...$..$.If........!v..h.#v....:V.......t.....6......5.......4
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:ASCII text, with very long lines (28769), with CRLF line terminators
                        Category:dropped
                        Size (bytes):20971520
                        Entropy (8bit):0.18286627005927553
                        Encrypted:false
                        SSDEEP:1536:OeQEv4YRT6x/Q6IZt9/B7XCjMZwBOXDJ8cl9U+jEPqDyBM/rlo5MoHJ/XL1qrG9P:j4wq/QB/BiIIYcv
                        MD5:8C01C14783580BFE7FDE43F625AF7B40
                        SHA1:B2DE9460998AEAF24FDE8B7E65E043BFD314E18E
                        SHA-256:741D41F51E7A0B2021DD97C2DBCC429FC91427BF9D0B00D623779A0427DCF85F
                        SHA-512:51CC63AA32B9ECDAF1A531CD158A47EF96B340893C5EEA1927F7CE0E786904AD201A0FC6A43403FFA95E3F2B6C81657D8D97DC0F8EC251E9D79542B1F1057053
                        Malicious:false
                        Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/14/2024 07:13:05.715.OUTLOOK (0x1E9C).0x1EA0.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.GDIAssistant.HandleCallback","Flags":30962256044949761,"InternalSequenceNumber":22,"Time":"2024-10-14T07:13:05.715Z","Contract":"Office.System.Activity","Activity.CV":"F4EAf0dMoUOosHoPtFy4Qg.4.9","Activity.Duration":14,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.GdiFamilyName":"","Data.CloudFontStatus":6,"Data.CloudFontTypes":256}...10/14/2024 07:13:05.731.OUTLOOK (0x1E9C).0x1EA0.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Text.ResourceClient.Deserialize","Flags":30962256044949761,"InternalSequenceNumber":24,"Time":"2024-10-14T07:13:05.731Z","Contract":"Office.System.Activity","Activity.CV":"F4EAf0dMoUOosHoPtFy4Qg.4.10","Activity.Duration":11298,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":true,"Data.JsonFileMajorV
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:data
                        Category:dropped
                        Size (bytes):20971520
                        Entropy (8bit):0.0
                        Encrypted:false
                        SSDEEP:3::
                        MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                        SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                        SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                        SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                        Malicious:false
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:data
                        Category:dropped
                        Size (bytes):106496
                        Entropy (8bit):4.495027043831113
                        Encrypted:false
                        SSDEEP:768:slqYYkuH5P5vMU42/K521o0tgP9t8c4/pFP0uXrdKWNWnrZWVWz+T9jvR:sla4T5wy9t8c4/kuXcn+T/
                        MD5:367E027C3ABD0DAD3C126EAE3C8193EF
                        SHA1:6A5FBE246F7FBE2A86623183B407620D297E19D6
                        SHA-256:5A644EFC8334CFF5D7D7AC648DEECCFB5F3556BB89A5D5B7E368AD8D7DD3A857
                        SHA-512:A98539A7583B92FB80B8A66BF933355DBCDF44B3ADFEB9BC735395A089782BCE9E88C6441C0606CB9EDFBAC80E1F33DE9290BF2C445A3756371BFC4F79B27DAA
                        Malicious:false
                        Preview:............................................................................`............g......................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1............................................................?..j............g..............v.2._.O.U.T.L.O.O.K.:.1.e.9.c.:.e.a.9.b.7.6.1.8.c.c.b.5.4.5.9.2.8.5.8.e.2.4.8.f.2.0.7.f.4.9.5.b...C.:.\.U.s.e.r.s.\.b.r.o.k.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.0.1.4.T.0.3.1.3.0.5.0.2.6.2.-.7.8.3.6...e.t.l.......P.P..........g..............................................................................................................................................................................................................................................................................................................
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:data
                        Category:dropped
                        Size (bytes):30
                        Entropy (8bit):1.2389205950315936
                        Encrypted:false
                        SSDEEP:3:r6rt:u
                        MD5:12A674A0DBE57EC5DF169CA84E287D44
                        SHA1:1C81A7FAC485DAB0104CFC866BBF57F8155F4FB5
                        SHA-256:20D943DDD0AEA8CAF0D9F5921B63151A514275D3B81BD54CB2FB0A3047EFD922
                        SHA-512:44ACEF38F5527189D8913E415FB2C4E5DBFF5C5E0EE43F073108D607D4ECA4AE77EF7B7934B4ED9C7BD90C1EC3B2A01A3269740B4E4F1452264CC607C6CBECAC
                        Malicious:false
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):14
                        Entropy (8bit):2.699513850319966
                        Encrypted:false
                        SSDEEP:3:QH67vln:Qa79
                        MD5:02D52CC7E56EDC72F48B849DD008B370
                        SHA1:15B9F79906EDFC98224F857DEC8528D02DD68107
                        SHA-256:86C89C4C21847C61EE136A4B19FC5A701D1C387A4B50A728BEBB2CFF56AC4855
                        SHA-512:50B53DCAF8A68B2DEBF8B0D43EFA5C3F97079ECB675044801F5F0B69DDB174635A90E1D88041B2361087CA9959B0BD9431568497646CBAFB548EA2A677AF5789
                        Malicious:false
                        Preview:..b.r.o.k.....
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:Microsoft Outlook email folder (>=2003)
                        Category:dropped
                        Size (bytes):271360
                        Entropy (8bit):3.3353044650944303
                        Encrypted:false
                        SSDEEP:1536:AMTqUHLxBiiFK/IfINUnlrd0odT3cr1x6yeLjIM5G2Dt3NDIiLEKLN/TGT/JW53e:AolUt8jIM5G2PEG7+Pp9SQop9
                        MD5:E22FD5B9EC8C44A80696FD92E1AFBCA3
                        SHA1:0DB1465B7AA47BBBAAE720A8F369AA80C8A6213B
                        SHA-256:D8CAF5366B1E499B343B0C4D567C6DCD7C4CCE2AF3BD8DF9BB779C92D4BC003F
                        SHA-512:AC216CD8770B36398D852F752CEBC31E642CCB99409D25D9A285A208BD1DF5DC20AAD4A9EBDC1AD136A4C021376403EF78A94C762940CBB7E3FD6D924BF3CC4F
                        Malicious:false
                        Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                        File Type:data
                        Category:dropped
                        Size (bytes):131072
                        Entropy (8bit):4.495558429513159
                        Encrypted:false
                        SSDEEP:1536:RW53jEpEHP4qQ10PAwr1ADOsMIt3N9ziiziLEKLpKW53jEpEHP4qQ10PAwrKsuTs:fp9+aSEaIp9vty
                        MD5:0A0CD93AE3CC8B98196B23874CCED08B
                        SHA1:8EF5683D98E3A9910F2B12624587998262AAFF3B
                        SHA-256:B3BF87856645B0FCF869ECE6ACE6945F38FCF6105B4797CC1C69467B3FE7C885
                        SHA-512:B220746F51F2E1BC665F78F431F6FE6300461F166DC2A6ADA926A988913C4411B05F8B4D6CBAAC7A374710A897305EDC5EEFE37F8318CB998B7CFA832160C49B
                        Malicious:false
                        File type:RFC 822 mail, ASCII text, with very long lines (322), with CRLF line terminators
                        Entropy (8bit):5.957468931659008
                        TrID:
                        • E-Mail message (Var. 5) (54515/1) 100.00%
                        File name:Updates f#U00fcr Ihr DigiKey-Konto.eml
                        File size:55'833 bytes
                        MD5:90d118777d9297e8337a29867d279626
                        SHA1:be84ed5ba58d80e561730854908e69ab8d126a96
                        SHA256:75c1bda2422df3689b9e0d773649b7d9ac9e86da35506389426d6c5fa6f68998
                        SHA512:733d10fd9c0c3a4a791c2f93207b27b3f14fff54fd2d00230355453d2fb176dd37b4139415bd4970cb755051e3a7f7a4bc993316911d12c22caeed7fed342da6
                        SSDEEP:768:Req9/ibxkR9G4Hty11ZxbcgbxujO5ELZ6Zi2tAqfC8e5u7FvK1iYwsGMPbGeT8Lb:Reqkbs9NN6EgRELZAlEtvQ
                        TLSH:7A436D9364433721E5508A006C1E5F8723737D8A3DF3D0A9112FABB206589AA2DFBED5
                        File Content Preview:Received: from GV1PR08MB10369.eurprd08.prod.outlook.com (2603:10a6:150:a6::9).. by DB3PR08MB8890.eurprd08.prod.outlook.com with HTTPS; Thu, 10 Oct 2024.. 17:47:50 +0000..Received: from DUZPR01CA0192.eurprd01.prod.exchangelabs.com.. (2603:10a6:10:4b6::15)
                        Subject:Updates fr Ihr DigiKey-Konto
                        From:DigiKey <DigiKey@e2.clk20.com>
                        To:Accounting SBOT <accounting@sbo.co.at>
                        Cc:
                        BCC:
                        Date:Thu, 10 Oct 2024 17:45:49 +0000
                        Communications:
                        • Updates zu Ihrem Terminkonto im vierten Quartal [DigiKey]<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fr.clk20.com%2fs.ashx%3fms%3dclk20comb%3a221053_100505%26e%3dACCOUNTING%2540SBO.CO.AT%26eId%3d72534635%26c%3dh%26url%3dhttps%253a%252f%252fwww.digikey.at%253futm_medium%253demail%2526utm_source%253dcsn%2526utm_campaign%253dclk20comb%3a221053-100505_CSN24CMM1%2526utm_content%253dDigiKeyLogo_AT%2526utm_cid%253d&c=E,1,HpCcAtsbpCegpKKqJ9Y5uFcA_ydFOa8bwbyPDmQPWZrYVAHSEO4EBUFk2oBVcoOSlhj1U-BBO3hqrTRAz1S8XP6noRCD2_d6D_dY_HcwfLi_OKAuOxCdCkg,&typo=1> Sehr geehrte Kundin, sehr geehrer Kunde, Ab Mitte des 4. Quartals (Q4) 2024 werden Sie einige Neuerungen in Ihrem Terminkonto bei DigiKey feststellen. Wir hoffen, dass diese nderungen Ihr Erlebnis mit uns verbessern werden. Handlungsbedarf: Bitte stellen Sie sicher, dass Ihre Rechnungs- und Zahlungsinformationen korrekt sind<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fr.clk20.com%2fs.ashx%3fms%3dclk20comb%3a221053_100505%26e%3dACCOUNTING%2540SBO.CO.AT%26eId%3d72534635%26c%3dh%26url%3dhttps%253a%252f%252finfo.digikey.com%252fCSN24CMM1_DE_ContactInfo.html%253futm_medium%253demail%2526utm_source%253dcsn%2526utm_campaign%253dclk20comb%3a221053-100505_CSN24CMM1%2526utm_content%253dform1link_AT%2526an%253d4103032%2526utm_cid%253d&c=E,1,xH3Vtmujtk8T77PpcYr60sIEk7ONq7byJ0WeGSbg-Wg9DsECPLWg8q_blo5Qr65n7rmozQ8Db4S8ac3XMnX5M85Vbrff7XmtzF0F-CV8SiVN7fRhnQ,,&typo=1>. Format des Kontoauszugs: Der Kontoauszug wird nur noch im Excel-Format verfgbar sein. Die Informationen auf dem Kontoauszug werden weitgehend identisch sein. Das Format wird die deutlichste nderung sein. Zu den nderungen gehren die Entfernung des laufenden Saldos und Anpassungen bei den beralterungsbereichen. Rechnungskopien werden nicht mehr in der E-Mail mit dem Kontoauszug enthalten sein. Ein Online-Portal fr das Rechnungsmanagement ist jedoch in Krze verfgbar! 
Benachrichtigen Sie mich, wenn das Portal verfgbar ist<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fr.clk20.com%2fs.ashx%3fms%3dclk20comb%3a221053_100505%26e%3dACCOUNTING%2540SBO.CO.AT%26eId%3d72534635%26c%3dh%26url%3dhttps%253a%252f%252finfo.digikey.com%252fCSN24CMM1_DE_Portal.html%253futm_medium%253demail%2526utm_source%253dcsn%2526utm_campaign%253dclk20comb%3a221053-100505_CSN24CMM1%2526utm_content%253dform2link_AT%2526utm_cid%253d&c=E,1,t5Nx4nstnxVUujvigArmGf7XKnJPMdgUUco8YTPFI4qeO-rK4ljcVEgNoqfojClcgAzQgOougflrW184S3yJmAYv65F9-oxQQjVWjV1QjrCztukTRue2&typo=1> Gutschriften: Die Gutschriften werden systematisch auf die entsprechende Rechnung bertragen. Wenn die Rechnung vollstndig beglichen wurde, verbleibt das Guthaben zur weiteren Verwendung auf Ihrem Konto. Erinnerungen an berfllige Rechnungen: Sollte Ihr Terminkonto bei DigiKey berfllig werden, erhalten Sie eine automatische Zahlungserinnerung. Wenn Ihr Konto berfllig ist, kann es zu Verzgerungen beim Versand Ihrer Bestellungen kommen. Aktualisierungen im November: Bitte beachten Sie, dass whrend der Umstellung keine Auszge zur Verfgung stehen werden. 
Mit freundlichen Gren, DigiKey-Buchhaltung accounting@digikey.com<mailto:%20accounting@digikey.com?Subject=Updates%20fr%20Ihr%20DigiKey-Konto> [DigiKey]<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fr.clk20.com%2fs.ashx%3fms%3dclk20comb%3a221053_100505%26e%3dACCOUNTING%2540SBO.CO.AT%26eId%3d72534635%26c%3dh%26url%3dhttps%253a%252f%252fwww.digikey.at%253futm_medium%253demail%2526utm_source%253dcsn%2526utm_campaign%253dclk20comb%3a221053-100505_CSN24CMM1%2526utm_content%253dDigiKeyLogoFooter_AT%2526utm_cid%253d&c=E,1,6hM8f5BW5o4baVSPyX-h_DrVrb4e6c1b8fX1AC8fXVzRcmklbZdgzwjDtVFigo7A3boecsxzALcFJAPCug6SUmZaAVm2EX6i0Is9D23vbosVxPREsh3pmH4idg,,&typo=1> [Facebook]<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fr.clk20.com%2fs.ashx%3fms%3dclk20comb%3a221053_100505%26e%3dACCOUNTING%2540SBO.CO.AT%26eId%3d72534635%26c%3dh%26url%3dhttps%253a%252f%252fwww.facebook.com%252fdigikey.electronics%252f&c=E,1,u73Q6m00A8-jgQewHLfawMD6AzLqxxPpp-ZTFYwDY2RqihGUnDZLxCNXIqR_cnoe7IkMNcffwshYidqKqptb8RKtMXKk87K89rPYJKvk77aXKe1Se_4YOyOzbf4,&typo=1> [X] <https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fr.clk20.com%2fs.ashx%3fms%3dclk20comb%3a221053_100505%26e%3dACCOUNTING%2540SBO.CO.AT%26eId%3d72534635%26c%3dh%26url%3dhttps%253a%252f%252ftwitter.com%252fdigikey&c=E,1,iwnpDQ1QNTl0E2gDVUh1CNknP6W94-qcI8ILMOLrCH-yDmD1pm1YAxHMDNONygTYQne4EensANNHbMlBCENL-rV6WEHkA4kymAKiM88tvhqlexccWjBYk9iuTp3w&typo=1> [Youtube] <https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fr.clk20.com%2fs.ashx%3fms%3dclk20comb%3a221053_100505%26e%3dACCOUNTING%2540SBO.CO.AT%26eId%3d72534635%26c%3dh%26url%3dhttps%253a%252f%252fwww.youtube.com%252fuser%252fdigikey&c=E,1,cpR0pzLqGYZ15EplopRkLys0N6FNFLpm_q62nSzbYKqh0wlODdLZiPO9PHTcLp3VBZoPuyBa9DzGv6BjlcWNf1B3Mn4zKhN2OKcNhPohjhX46QrPEOqCUlq8&typo=1> [Instagram] 
<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fr.clk20.com%2fs.ashx%3fms%3dclk20comb%3a221053_100505%26e%3dACCOUNTING%2540SBO.CO.AT%26eId%3d72534635%26c%3dh%26url%3dhttps%253a%252f%252fwww.instagram.com%252fdigikey&c=E,1,Tqbcdm_pEtIlg2-8g_pRusmoIcVC5gz8PDk8H0Nq_BjlnMokivE1yOaGxr-mWi8Kmt1Etgfyr7hlpg-U8_8PwjQ5QyA-tE_62E6a_iWqQq3g4_C9fNnUIqxV&typo=1> [LinkedIn] <https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fr.clk20.com%2fs.ashx%3fms%3dclk20comb%3a221053_100505%26e%3dACCOUNTING%2540SBO.CO.AT%26eId%3d72534635%26c%3dh%26url%3dhttps%253a%252f%252fwww.linkedin.com%252fcompany%252fdigikey&c=E,1,PQjXkyZyYcc_dzlkk2rkp40QF2V3oxcbe3SkXjLE1dZ_dkapT0-OLjUfmsbDWN-RWM09EHm99l6yl1Nl51H_lzNmB4L409aNTTZcI7rVggqQ&typo=1> 2024 DigiKey 701 Brooks Avenue South Thief River Falls, MN 56701 Datenschutzerklrung<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fr.clk20.com%2fs.ashx%3fms%3dclk20comb%3a221053_100505%26e%3dACCOUNTING%2540SBO.CO.AT%26eId%3d72534635%26c%3dh%26url%3dhttps%253a%252f%252fwww.digikey.at%252fde%252fhelp%252fPrivacy%253futm_medium%253demail%2526utm_source%253dcsn%2526utm_campaign%253dclk20comb%3a221053-100505_CSN24CMM1%2526utm_content%253dfooterPrivacy_AT%2526utm_cid%253d&c=E,1,lVSYsw8kRKUSos-INdKj80e24SeJQ3Yk4L2mnPATE0m4ky0BU1AxG4lHd5_H7zR4wmuYEUcS51BosqDI2R8rbogQFTRClTTBEGF93I4wyvIiBc_8TI8,&typo=1> | Abbestellen<https://linkprotect.cudasvc.com/url?a=https%3a%2f%2fwww.digikey.at%2fclassic%2fEmailUnsubscribe.aspx%3flang%3dde%26e%3dACCOUNTING%40SBO.CO.AT%26x%3d&c=E,1,M5xZTFWBvQyoHHm8-oX6yNs35MgcWT6NqKXhezdQNS5nkhzgVgDZ5GR6wZ__AJWKVkMHgiraJ6ZZ-9yqXi3GDLAJIk5fF2wMjTPmKnBWYsxPUg,,&typo=1> CSN24CMM1 - AT
                        Attachments:
                          Key:Value
                          Received:from RC-MESSAGEGENER (10.25.10.7) by mx2.e2.clk20.com id h109e830m846 for <ACCOUNTING@SBO.CO.AT>; Thu, 10 Oct 2024 13:46:06 -0400 (envelope-from <bounce.221053.72534635@bounce.e2.clk20.com>)
                          From:DigiKey <DigiKey@e2.clk20.com>
                          To:Accounting SBOT <accounting@sbo.co.at>
                          Subject:Updates fr Ihr DigiKey-Konto
                          Thread-Topic:Updates fr Ihr DigiKey-Konto
                          Thread-Index:AQHbGzyGGTnxVz44cEKyWTnYbKP/nQ==
                          Date:Thu, 10 Oct 2024 17:45:49 +0000
                          Message-ID:<6F2DF91106A2CA24CF6D16422345916E71AFFB4A@RC0MESSAGEGENER>
                          List-Unsubscribe:<mailto:abuse@e2.clk20.com>
                          Reply-To:"reply@clk20.com" <reply@clk20.com>
                          Content-Language:en-US
                          X-MS-Exchange-Organization-AuthAs:Anonymous
                          X-MS-Exchange-Organization-AuthSource:DB1PEPF000509FD.eurprd03.prod.outlook.com
                          X-MS-Has-Attach:
                          X-MS-Exchange-Organization-Network-Message-Id:221b4aab-70b0-447a-0c6f-08dce953708e
                          X-MS-Exchange-Organization-SCL:-1
                          X-MS-TNEF-Correlator:
                          X-MS-Exchange-Organization-RecordReviewCfmType:0
                          x-ms-exchange-organization-originalclientipaddress:35.157.190.227
                          x-ms-exchange-organization-originalserveripaddress:10.167.242.39
                          received-spf:pass (mx-inbound11-207.eu-central-1a.ess.aws.cudaops.com: domain of bounce.221053.72534635@bounce.e2.clk20.com designates 198.47.13.117 as permitted sender)
                          x-forefront-antispam-report:CIP:35.157.190.227;CTRY:DE;LANG:de;SCL:-1;SRV:;IPV:NLI;SFV:NSPM;H:egress-ip15a.ess.de.barracuda.com;PTR:egress-ip15a.ess.de.barracuda.com;CAT:NONE;SFS:(13230040)(31092699021)(69100299015)(1032899013)(5063199012)(4123199012)(4022899009)(2092899012)(12012899012)(5073199012)(3072899012);DIR:INB;
                          dkim-signature:v=1; a=rsa-sha256; c=relaxed; s=PMTADKIM; d=e2.clk20.com; h=MIME-Version:Date:Message-ID:Content-Type:Reply-To:List-Unsubscribe:From: Subject:To; i=DigiKey@e2.clk20.com; bh=kZV6OOsgRnQ3VWdAzWHk2PTaSmkA3bWdtWS8sV6F9CQ=; b=eSEpXcw2Jy0c3H4C6xeQHKAhZgEzchaJZmT87eXRcRZtWVQPaNMO+uHPAOjjU75Ury0//zwH1Q/g GklHYnHRWb7cZDmV/f4a+8WcRAtHqgHTEDWsiE+muVEieBpX5kMZvUL3Wd/CTxwOfeLs9aWyu80y EBePqqmYrkHyeZvHgEw=
                          x-ms-publictraffictype:Email
                          authentication-results:spf=fail (sender IP is 35.157.190.227) smtp.mailfrom=bounce.e2.clk20.com; dkim=fail (body hash did not verify) header.d=e2.clk20.com;dmarc=fail action=none header.from=e2.clk20.com;compauth=none reason=405
                          X-Microsoft-Antispam-Mailbox-Delivery:ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097)(140003);
                          Content-Type:multipart/alternative; boundary="_000_6F2DF91106A2CA24CF6D16422345916E71AFFB4ARC0MESSAGEGENER_"
                          MIME-Version:1.0

                          Icon Hash:46070c0a8e0c67d6
                          No network behavior found

                          Target ID:0
                          Start time:03:13:00
                          Start date:14/10/2024
                          Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                          Wow64 process (32bit):true
                          Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /eml "C:\Users\user\Desktop\Updates f#U00fcr Ihr DigiKey-Konto.eml"
                          Imagebase:0xea0000
                          File size:34'446'744 bytes
                          MD5 hash:91A5292942864110ED734005B7E005C0
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:false

                          Target ID:4
                          Start time:03:13:07
                          Start date:14/10/2024
                          Path:C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\ai.exe" "AED3CF7C-BB3A-4269-B858-3D3575017780" "2E97C19A-80CB-4608-9EDA-D18B55C11E4E" "7836" "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" "WordCombinedFloatieLreOnline.onnx"
                          Imagebase:0x7ff7ef400000
                          File size:710'048 bytes
                          MD5 hash:EC652BEDD90E089D9406AFED89A8A8BD
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:false

                          No disassembly