Windows Analysis Report
2_HAYTMMZVGE3DSMZYGE3DGNJRG3K2ESSGBODNFFNTHCSF4UBGVXYB7ZZZRYUADSCCWKBKFM3JUYJYC.ics

Overview

General Information

Sample name: 2_HAYTMMZVGE3DSMZYGE3DGNJRG3K2ESSGBODNFFNTHCSF4UBGVXYB7ZZZRYUADSCCWKBKFM3JUYJYC.ics
Analysis ID: 1538398
MD5: 2721eaf560a62b300587a0e579e5a857
SHA1: 723735cc50fa7f9a5797ea2a6d036e8d4050aeee
SHA256: 08fc61fc0ce64247bfb3836e0d4e9afd9b7718ae958e8744e0abf4e13333ee55
Infos:

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Stores large binary data to the registry

Classification

  • System is w10x64
  • OUTLOOK.EXE (PID: 2948 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /ical "C:\Users\user\Desktop\2_HAYTMMZVGE3DSMZYGE3DGNJRG3K2ESSGBODNFFNTHCSF4UBGVXYB7ZZZRYUADSCCWKBKFM3JUYJYC.ics" MD5: 91A5292942864110ED734005B7E005C0)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: 6FA53ECA-46F6-4077-8C59-481796B8F6F9.0.drString found in binary or memory: https://webshell.suite.office.com
Source: 6FA53ECA-46F6-4077-8C59-481796B8F6F9.0.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: 6FA53ECA-46F6-4077-8C59-481796B8F6F9.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: 6FA53ECA-46F6-4077-8C59-481796B8F6F9.0.drString found in binary or memory: https://wus2.contentsync.
Source: 6FA53ECA-46F6-4077-8C59-481796B8F6F9.0.drString found in binary or memory: https://wus2.pagecontentsync.
Source: 6FA53ECA-46F6-4077-8C59-481796B8F6F9.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: 6FA53ECA-46F6-4077-8C59-481796B8F6F9.0.drString found in binary or memory: https://www.odwebp.svc.ms
Source: 6FA53ECA-46F6-4077-8C59-481796B8F6F9.0.drString found in binary or memory: https://www.yammer.com
Source: classification engine Classification label: clean0.winICS@1/13@0/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Microsoft\FORMS
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Temp\Outlook Logging\
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 2 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Modify Registry | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1538398
Start date and time: 2024-10-21 07:30:31 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 12s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 2_HAYTMMZVGE3DSMZYGE3DGNJRG3K2ESSGBODNFFNTHCSF4UBGVXYB7ZZZRYUADSCCWKBKFM3JUYJYC.ics
Detection: CLEAN
Classification: clean0.winICS@1/13@0/0
Cookbook Comments:
  • Found application associated with file extension: .ics
  • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 52.109.32.97, 52.113.194.132, 52.109.32.7, 20.189.173.2
  • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, osiprod-ukw-buff-azsc-000.ukwest.cloudapp.azure.com, eur.roaming1.live.com.akadns.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, ocsp.digicert.com, login.live.com, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, ecs.office.com, self-events-data.trafficmanager.net, client.wns.windows.com, ukw-azsc-000.roaming.officeapps.live.com, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, s-0005.s-msedge.net, config.officeapps.live.com, onedscolprdwus01.westus.cloudapp.azure.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net
  • Report size getting too big, too many NtCreateFile calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtReadFile calls found.
  • Report size getting too big, too many NtSetInformationFile calls found.
No simulations
No context
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                Category:dropped
                Size (bytes):118
                Entropy (8bit):3.5700810731231707
                Encrypted:false
                SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                MD5:573220372DA4ED487441611079B623CD
                SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                Malicious:false
                Reputation:moderate, very likely benign file
                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:data
                Category:dropped
                Size (bytes):245980
                Entropy (8bit):4.359346490774853
                Encrypted:false
                SSDEEP:3072:ZKCg9wcgQmiGu2jqoQYrt0FvmF95nmEWu:EQYmi22K95mEf
                MD5:F1FE7310CD25B3DA34B6A498519F349E
                SHA1:58B83F0E726037FBFF459CE255A992D163491DEA
                SHA-256:A5831E23B1BEE9D2CAF07EC4C242D141BFDDBD17CE5070707105B1715C8DD846
                SHA-512:01F5B4D747068443745C7323192D037480BA87DC278B0A8906A318A0A7CDB0329C7E6785FA8ED0EAE2B9CA708A5BA400EB456885E9C59B6180533A57FEE2D014
                Malicious:false
                Reputation:low
                Preview:TH02...... .`..yz#......SM01........0..xz#..........IPM.TaskRequest.Decline........h...............h.......j....H..h..............hH.X......,8wH..h.... ..........h....0..........h...............h..........P....h=i;.H.....`....h.<T.P....}.j...0....\...|AT........l.........2h...............k.d=...........!h0-.j....,..... h..P.....H.X...#h....8.........$h........@....."h........H.X...'h.........P.j..1h\.X...........0h........\...../ht...........H..h...j ... .....-h....0.........+hH.X.4....................... ..............FS..............FIPM.TaskRequest.Decline.Form.d.dStandard.tanTask Decline.PM.IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1111110000000000.icrMicrosoft.isThis form is used to decline a task request.........kf...... ..........&...........(.......(... ...@...............................................................................................................................D@..............D@x.............DG...p..........DH..www.wwp.....
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):178267
                Entropy (8bit):5.290271972724393
                Encrypted:false
                SSDEEP:1536:mi2XfRAqFbH41gwEwLe7HW8QM/o/NMdcAZl1p5ihs7EXXDEAD2Odago:QCe7HW8QM/o/TXgk9o
                MD5:0F520D77E293263080213D2AE6B88CAF
                SHA1:D2AEBED783C6C6EF8DC200964B7C3035440011AE
                SHA-256:57A1D121362A7C3DED9C99D224FA32E71FCD1EE2F9253CDDB4C84277BBF9ED87
                SHA-512:4F4C6F512287AB16EE49288A785D42CAAA94314611728A1B3BD676DEE3377C732192CD924BB3C985EF55742DACCE945CE7968AFB25AB70CA5E77370FACD5FD1B
                Malicious:false
                Reputation:low
                Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-10-21T05:31:27">.. Build: 16.0.18209.40127-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                Category:dropped
                Size (bytes):4096
                Entropy (8bit):0.09216609452072291
                Encrypted:false
                SSDEEP:3:lSWFN3l/klslpF/4llfll:l9F8E0/
                MD5:F138A66469C10D5761C6CBB36F2163C3
                SHA1:EEA136206474280549586923B7A4A3C6D5DB1E25
                SHA-256:C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
                SHA-512:9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9
                Malicious:false
                Reputation:high, very likely benign file
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:SQLite Rollback Journal
                Category:dropped
                Size (bytes):4616
                Entropy (8bit):0.13760166725504608
                Encrypted:false
                SSDEEP:3:7FEG2l+il/FllkpMRgSWbNFl/sl+ltlslVlllfllj:7+/lng9bNFlEs1EP/T
                MD5:2643ED317FEB697B98CB74DF169DEB73
                SHA1:32DAA3E560875BE24860955506B7B73E481F5C1E
                SHA-256:160A86158F4D25816D86274B8B7A11811EBA57AE39E8015D3F06C8F073CE52CF
                SHA-512:FBA0586E4FDF6D8DF25FA907B494EDF7139A1DC49D5E45CF27447608ECC048AEE57C6CF4A36A3DC6E02EBEEE89A63CCF2230C7B5C8058A8D6371413AFEFED21A
                Malicious:false
                Reputation:low
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:data
                Category:dropped
                Size (bytes):32768
                Entropy (8bit):0.04469776553406731
                Encrypted:false
                SSDEEP:6:G4l2x6HIB0jl2x6HIB0JML9XXPH4l942U:l2xs52xspM5A0
                MD5:429883ADD55C43CBF8C6BFC4322893B8
                SHA1:0AAD0B9135CCDBC9FD25E5362D725739F96917EF
                SHA-256:DAE31B8FD70928AA0A077AA625C32D5FB8F2B67ACC27275A132D6007E8A5A0B0
                SHA-512:38D217AC573A0B76683C1E6CE4F8F27BF55038FD9AB4C6D2E60353C727827E737E81AEDC9E86668B849013444BD940AA4CC9B295A3D9B7D78FEFCA9E9ECCE7C2
                Malicious:false
                Reputation:low
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:SQLite Write-Ahead Log, version 3007000
                Category:modified
                Size (bytes):45352
                Entropy (8bit):0.3951387099844386
                Encrypted:false
                SSDEEP:24:KIb1slQ3zRDjs4vhlUll7DBtDi4kZERD5Lzqt8VtbDBtDi4kZERDkz:LOQ1fs4XUll7DYMFLzO8VFDYMA
                MD5:52C55978738DD90E24E3D6BFFCF84D96
                SHA1:66CEFC65E338C424252F94A44D917042B1116D54
                SHA-256:B847B021FB7BCA7AE8151E04B8C370CE07C071E06EA8521D25E0150689C704FD
                SHA-512:FABDB94291E61ED4ECCBE90470DAB429A189E3DCDED41A96BD32ED6C9829E6D9D429C9F231CDAEBBD98E2BB4D20D807ED57EE5D3A5C2667A1E1842E971166694
                Malicious:false
                Reputation:low
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:data
                Category:dropped
                Size (bytes):2278
                Entropy (8bit):3.839280264473151
                Encrypted:false
                SSDEEP:48:uiTrlKxsxxKxl9Il8uOrwT0XehBYZ1F4GUACAg4P16Ed1rc:vuYErwT0wuZ1uqv9PUD
                MD5:F9C833353240F1E2A6A5EFB65B6466A4
                SHA1:3F2EE2BC6580046A31A88ADFDADA5E534ECA7022
                SHA-256:41B4BDF7D43F7C2C4D9EE67178946093E44DCCEE3975C31850B568F930DEFBB9
                SHA-512:A8E91248C50C3385F4BA7F366D447BEB88253748383D269C50E0AA7153996616BC5856D4AADE6AD2DBE19062BBE9E914608636D289B3F3202F1E2932682DC193
                Malicious:false
                Reputation:low
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:data
                Category:dropped
                Size (bytes):2684
                Entropy (8bit):3.90628922618964
                Encrypted:false
                SSDEEP:48:uiTrlKxJxX7xl9Il8uOzeK4lxLbSxo5Y+JV4GFsDS9qyDGuxd/vc:6YEzCltbgEJyGFsDSwyD4
                MD5:C71BE23E6692D8D89719C78A59C07B3F
                SHA1:F7A646E25CE91F2F1DDF491CDAFE0A1840FAC223
                SHA-256:2B5EA7F093CBEBA352D8C8495A479BC90C53C4E87D6AEF36647FF88A82BB84DA
                SHA-512:7E7A317BE7B85E40C39F4918507DCA2CF9088302F32512BF82D082515698A42A2EB2614831C83552C49DD363685AA2A4EDA9C2223E50C271FF0F44D44FD3B8EF
                Malicious:false
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:data
                Category:dropped
                Size (bytes):4542
                Entropy (8bit):3.9958980368906594
                Encrypted:false
                SSDEEP:96:gYEPiO0z3ocX3Ao6gm85N71aEFJkALp0lv1fVsFB:gEzDQm1z90Fsr
                MD5:A445E07D565E413079CD799644381198
                SHA1:6F3A74D9B1568EF66B202B45EC07981F8DE86D01
                SHA-256:95BFA2E7A4DCBC1DF91B5423A567242475A947B0DED028C69EA041C438BB8C5D
                SHA-512:B278FC42766986F843F64A89E0700C359DCFF1413B7F1E1CE0CC38B6A6012333F43B6E6855FF4F553A3044562B1DEEB9CCF12B485ED4B117FFCBE06F157AF02D
                Malicious:false
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:data
                Category:dropped
                Size (bytes):20971520
                Entropy (8bit):0.007774593049167355
                Encrypted:false
                SSDEEP:192:LzYTKTYuLf1qdpDmcWU+cYj6/sFl/ST8pKD4NP5OczLBrH:v3TDLNq03cYe/Y/K8MDaxhvBj
                MD5:CA0CFFF8BC0EE6C66F672A15EEE3A377
                SHA1:6D7534F9C57C9679721C2D71EBFFD05F11FCE340
                SHA-256:107A994D09491E29E741D9A3726C7BB8629156B4091DAF322D5FB8C670026AE3
                SHA-512:61205CEFA588485F91E2441F8BFEC477C516A64E4562C082BB74FF6ECA8A713AC6DE34C513C8DD5539A607314D00A8081E664F353B7071241F91729215460D0F
                Malicious:false
                Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/21/2024 05:31:24.681.OUTLOOK (0xB84).0xF98.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.LoadXmlRules","Flags":33777014401990913,"InternalSequenceNumber":20,"Time":"2024-10-21T05:31:24.681Z","Contract":"Office.System.Activity","Activity.CV":"ls2i/kApTE6cEG5XxdKcRw.10.1","Activity.Duration":289,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":false,"Activity.Result.Code":-2147024890,"Activity.Result.Type":"HRESULT","Activity.Result.Tag":528307459}...10/21/2024 05:31:24.681.OUTLOOK (0xB84).0xF98.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.ProcessIdleQueueJob","Flags":33777014401990913,"InternalSequenceNumber":21,"Time":"2024-10-21T05:31:24.681Z","Contract":"Office.System.Activity","Activity.CV":"ls2i/kApTE6cEG5XxdKcRw.10","Activity.Duration":4171,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":false,"Data.Fail
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:data
                Category:dropped
                Size (bytes):20971520
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:3::
                MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                Malicious:false
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:data
                Category:dropped
                Size (bytes):139264
                Entropy (8bit):4.89954708108559
                Encrypted:false
                SSDEEP:1536:xmWYlvdwe8xyMQEC/MyQq5YZU2tsKyV1a7U:0sdyQM
                MD5:3893ECAF2BA18F8C3494CAE3CE9AE1FD
                SHA1:523EE140CA5066FB8EBDDA1CAD6740EC407B7EFB
                SHA-256:BC76BFC4E9A381D48F28C87830C535BAE384218BE2302F785DBA27C04B56E7C7
                SHA-512:CC8ED38D502558E105DF9CF3AC16F13E821D399F354BAE84C8904E5E7D8CDD9E52EF78D4F7AD6299CFDCA8C62D7E44E0613CDEC6C53CB004494F43C992B99B31
                Malicious:false
                Preview:............................................................................f.............Dwz#..................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1............................................................sj.G.............Dwz#..........v.2._.O.U.T.L.O.O.K.:.b.8.4.:.b.c.e.d.6.d.5.0.6.d.1.b.4.f.3.b.8.b.0.d.b.f.1.1.b.1.d.4.6.2.0.1...C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.0.2.1.T.0.1.3.1.2.3.0.1.5.0.-.2.9.4.8...e.t.l.........P.P...........Dwz#..................................................................................................................................................................................................................................................................................................
                File type:vCalendar calendar file
                Entropy (8bit):4.881965664898097
                TrID:
                • iCalendar - vCalendar (13006/1) 100.00%
                File name:2_HAYTMMZVGE3DSMZYGE3DGNJRG3K2ESSGBODNFFNTHCSF4UBGVXYB7ZZZRYUADSCCWKBKFM3JUYJYC.ics
                File size:4'515 bytes
                MD5:2721eaf560a62b300587a0e579e5a857
                SHA1:723735cc50fa7f9a5797ea2a6d036e8d4050aeee
                SHA256:08fc61fc0ce64247bfb3836e0d4e9afd9b7718ae958e8744e0abf4e13333ee55
                SHA512:ee0c181b15c6930279e392ecaa428aacc5c89c99ce8c881a5fa3c19b324cad19279e6109cc49526f1c2a1144ea4ffaf6e0314c71f0239afd1d10f0bff45dd617
                SSDEEP:96:E4JjfBZJBUaKceIFm1myWbJmB0UxvTEJrUE3IH:7JjBZJBUsysey1c
                TLSH:C991024D90323E90FB1A9A1619ECBAD916F738FF99DAD5F242D282DA1CE0410F07CC21
                File Content Preview:BEGIN:VCALENDAR..CALSCALE:GREGORIAN..PRODID:-//Apple Inc.//iPhone OS 18.0//EN..VERSION:2.0..BEGIN:VEVENT..ATTENDEE;CN=".... .......... ";CUTYPE=INDIVIDUAL;PARTSTAT=ACCEPTED;EMAIL=tals500.. i@gmail.com;ROLE=CHAIR:/aODE2MzUxNjkzODE2MzUxNpxIY4TQaBmE0RChB2JaP
                Icon Hash:69a88280a28280a2
                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                Oct 21, 2024 07:31:29.779160976 CEST | 53 | 58066 | 1.1.1.1 | 192.168.2.6


                Target ID:0
                Start time:01:31:22
                Start date:21/10/2024
                Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                Wow64 process (32bit):true
                Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /ical "C:\Users\user\Desktop\2_HAYTMMZVGE3DSMZYGE3DGNJRG3K2ESSGBODNFFNTHCSF4UBGVXYB7ZZZRYUADSCCWKBKFM3JUYJYC.ics"
                Imagebase:0xf70000
                File size:34'446'744 bytes
                MD5 hash:91A5292942864110ED734005B7E005C0
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:false

                No disassembly