
Windows Analysis Report
iCal-20241022.ics

Overview

General Information

Sample name: iCal-20241022.ics
Analysis ID: 1538403
MD5: 58c440bacf1c5015d6746e337261af0b
SHA1: 57d9e2f23113cc05cf9bfba3c49084bf0dad1bd0
SHA256: e9e95355bd848e1c89f50de4e5b39564c4e3e5105fcdad83ac83bcf636b80e0e

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Stores large binary data to the registry

Classification

  • System is w10x64
  • OUTLOOK.EXE (PID: 4220 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /ical "C:\Users\user\Desktop\iCal-20241022.ics" MD5: 91A5292942864110ED734005B7E005C0)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


There are no malicious signatures.

Source: A75D2443-4831-4BF1-859C-11B512BE74D3.0.drString found in binary or memory: https://word-edit.officeapps.live.com/we/rrdiscovery.ashx
Source: A75D2443-4831-4BF1-859C-11B512BE74D3.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: A75D2443-4831-4BF1-859C-11B512BE74D3.0.drString found in binary or memory: https://wus2.contentsync.
Source: A75D2443-4831-4BF1-859C-11B512BE74D3.0.drString found in binary or memory: https://wus2.pagecontentsync.
Source: A75D2443-4831-4BF1-859C-11B512BE74D3.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: A75D2443-4831-4BF1-859C-11B512BE74D3.0.drString found in binary or memory: https://www.odwebp.svc.ms
Source: A75D2443-4831-4BF1-859C-11B512BE74D3.0.drString found in binary or memory: https://www.yammer.com
Source: classification engine Classification label: clean0.winICS@1/15@0/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user\AppData\Local\Microsoft\FORMS
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE File created: C:\Users\user~1\AppData\Local\Temp\Outlook Logging\
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\outlook\ConfigContextData 1
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 2 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Modify Registry | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
No Antivirus matches
No contacted domains info
                No contacted IP infos
                Joe Sandbox version:41.0.0 Charoite
                Analysis ID:1538403
                Start date and time:2024-10-21 07:40:42 +02:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:0h 4m 18s
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed:14
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Sample name:iCal-20241022.ics
                Detection:CLEAN
                Classification:clean0.winICS@1/15@0/0
                Cookbook Comments:
                • Found application associated with file extension: .ics
                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                • Excluded IPs from analysis (whitelisted): 52.109.32.97, 52.113.194.132, 52.109.76.243, 93.184.221.240, 20.42.65.88
                • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, time.windows.com, eur.roaming1.live.com.akadns.net, wu.azureedge.net, neu-azsc-000.roaming.officeapps.live.com, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, login.live.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, officeclient.microsoft.com, ukw-azsc-config.officeapps.live.com, wu-b-net.trafficmanager.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, prod.configsvc1.live.com.akadns.net, wu.ec.azureedge.net, self.events.data.microsoft.com, onedscolprdeus08.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, s-0005.s-msedge.net, config.officeapps.live.com, osiprod-neu-buff-azsc-000.northeurope.cloudapp.azure.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net
                • Not all processes were analyzed, report is missing behavior information
                • Report size getting too big, too many NtCreateFile calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                • Report size getting too big, too many NtReadFile calls found.
                • Report size getting too big, too many NtSetInformationFile calls found.
                No simulations
                No context
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                Category:dropped
                Size (bytes):118
                Entropy (8bit):3.5700810731231707
                Encrypted:false
                SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                MD5:573220372DA4ED487441611079B623CD
                SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                Malicious:false
                Reputation:moderate, very likely benign file
                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 4770 bytes, 1 file, at 0x2c +A "disallowedcert.stl", number 1, 1 datablock, 0x1 compression
                Category:dropped
                Size (bytes):4770
                Entropy (8bit):7.946747821604857
                Encrypted:false
                SSDEEP:96:9/nBu64pydcvOHRUfu0xK1bQYMRSRNoYmxYvk56sHMZhh4m:9/nBuP2cGxUfu6K1bpWJ6vfh4m
                MD5:1BFE591A4FE3D91B03CDF26EAACD8F89
                SHA1:719C37C320F518AC168C86723724891950911CEA
                SHA-256:9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
                SHA-512:02F88DA4B610678C31664609BCFA9D61DB8D0B0617649981AF948F670F41A6207B4EC19FECCE7385A24E0C609CBBF3F2B79A8ACAF09A03C2C432CC4DCE75E9DB
                Malicious:false
                Reputation:high, very likely benign file
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:data
                Category:modified
                Size (bytes):338
                Entropy (8bit):3.168940403418952
                Encrypted:false
                SSDEEP:3:kkFklGkfllXlE/0htlX16pFRltB+SliQlP8F+RlTRe86A+iRlERMta9b3+AL0Wl0:kK3LN+SkQlPlEGYRMY9z+s3Ql2DUevat
                MD5:7025B99B74499F58A6AB037062F196B1
                SHA1:357BD73659C710A7E1AD6D767D2D632CB459C9A6
                SHA-256:DD12ABD2EF9C392819E58161F2396EE0D2AA228F650EF4884BAD16C7CF156183
                SHA-512:3C57A4DB23F065B3DF70D06F2410E88AF6C65A670F9CFEBE1B63CCDD3AEF153599439C2C8591950B94FB49241E03C806422BA55736CD3DACD77A026D2F33C1A6
                Malicious:false
                Reputation:low
                Preview:p...... ..........-.{#..(....................................................... .........p.........$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".7.4.6.7.8.7.a.3.f.0.d.9.1.:.0."...
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:data
                Category:dropped
                Size (bytes):245980
                Entropy (8bit):4.3545326281559085
                Encrypted:false
                SSDEEP:3072:wPqgMh84g6miGu2QqoQRrt0FvMo/we2PPwE:gM8Omi2NU/we2PPP
                MD5:4C300BB092B28BBE9E20EE2D3A659581
                SHA1:DD3570671A1B7F3E4711AA14BFA01D4D5E0F4FF1
                SHA-256:BE054493A035DA91F4FC479FF40156E2D77F9656A1716C26A80695C167453DD9
                SHA-512:45F94DA9C84F4AF484623F8A041ECFF2632D776252457A6C49F0F91BD6F8F68B83470A4EA0C40A3847136025A6C9557DC050EA273B02EBB732B0CB85524E9167
                Malicious:false
                Reputation:low
                Preview:TH02...... .`1w.{#......SM01..........<.{#..........IPM.TaskRequest.Decline........h...............h`.:....j....H..hD.:............hh........,vwH..h.... ..........h....0..........h...............h.........c{....h=i;.H.....`....h..~.P....}:k...0....\.....~.....T.:.l.........2h...............k..f...........!h0-.j......:... h.c{.....h.....#h....8.........$h........@....."h........h.....'h.........P9k..1h|.............0h.........:.../hd.......0.:.H..h...k .....:...-h....0.....:...+hh...4....................... ..............FS..............FIPM.TaskRequest.Decline.Form....Standard.@x.Task Decline.G..IPM.Microsoft.FolderDesign.FormsDescription................F.k..........1111110000000000....Microsoft.p.This form is used to decline a task request.........kf...... ..........&...........(.......(... ...@...............................................................................................................................D@..............D@x.............DG...p..........DH..www.wwp.....
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):178267
                Entropy (8bit):5.290272339709214
                Encrypted:false
                SSDEEP:1536:2i2XfRAqFbH41gwEwLe7HW8QM/o/NMdcAZl1p5ihs7EXXDEAD2Odago:ACe7HW8QM/o/TXgk9o
                MD5:499EFA2DC4C802938F7410ACBAC280E0
                SHA1:D5D09D3D2C5C2CED9A086481A6111BC185B00F43
                SHA-256:D3D825B498DF21AD1E5641E144B48DF7F998F05359C2771CE4F6BA541CC880B3
                SHA-512:E5D4672D1370351E7BE0B5C5C8BA231BC6BEB258DE23FA2324F3FB58A33C78ECBA1C4A67A76425467A5CE2968F0E6A9D25440525EE07E7E7CE71B87940F276F5
                Malicious:false
                Reputation:low
                Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2024-10-21T05:41:51">.. Build: 16.0.18209.40127-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://word-edit.officeapps.live.com/we/rrdiscovery.ashx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
                Category:dropped
                Size (bytes):4096
                Entropy (8bit):0.09216609452072291
                Encrypted:false
                SSDEEP:3:lSWFN3l/klslpF/4llfll:l9F8E0/
                MD5:F138A66469C10D5761C6CBB36F2163C3
                SHA1:EEA136206474280549586923B7A4A3C6D5DB1E25
                SHA-256:C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
                SHA-512:9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9
                Malicious:false
                Reputation:high, very likely benign file
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:SQLite Rollback Journal
                Category:dropped
                Size (bytes):4616
                Entropy (8bit):0.13760166725504608
                Encrypted:false
                SSDEEP:3:7FEG2l+hrll/FllkpMRgSWbNFl/sl+ltlslVlllfllhI:7+/lwg9bNFlEs1EP/+
                MD5:455FBAFE48E1C69CE2DC50C37C54055E
                SHA1:F61CB91C19085BB9C13B57955B70D853DED70D9D
                SHA-256:AB2D2399B6FB05EE9ECF5EEDEAFF9FD75DDE94D7A9148577B2CBE7F62A654684
                SHA-512:306E19FF1954E35E478137006527E64C8FDC1CEC40998770CDCAEEF9B334099AE03B84840F154E2899A0EA1DF67D3CE537982D78C3ACA0F4289F9551F839B221
                Malicious:false
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:data
                Category:dropped
                Size (bytes):32768
                Entropy (8bit):0.04495055541749482
                Encrypted:false
                SSDEEP:3:G4l2mttd3YRCl2mttd3YRlL9//Xlvlll1lllwlvlllglbXdbllAlldl+l:G4l2mt/3ACl2mt/3UL9XXPH4l942U
                MD5:24A65006F367F8A265F5521DE79AD484
                SHA1:BCBA57549B07E84BC5C1255EEA4A2705D561435A
                SHA-256:691C6465A70AD1F5642B5461E0E4BF6401836F9385AF0D2D02D8DE37555B94BB
                SHA-512:07DAF164FD0B610017FE31316125DF0408DB3A26E82B7EA64FB9BA98F1643CD353115AEE817C61399B36AF21D3B7D94A06488B47581B345C43CB4C37B68FF8A8
                Malicious:false
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:SQLite Write-Ahead Log, version 3007000
                Category:dropped
                Size (bytes):45352
                Entropy (8bit):0.39486868465586583
                Encrypted:false
                SSDEEP:24:KckHGTQ3zRDzYUll7DBtDi4kZERDpzqt8VtbDBtDi4kZERD+:xkHGTQ1IUll7DYMlzO8VFDYM
                MD5:92CE180047D2B5B0CC0208EB279C4FF3
                SHA1:BA7E3944A657AF21C48AF1D4C6A5CA058E8BB9AD
                SHA-256:8765F66946571CFE17EDD937B66D5E01EF03BA0D5F2DD1873B5410C14313F198
                SHA-512:27EF8554691A129E8AB8BFF6590DAA6AC7ED29B680384EB2C7F1EC93435FEBAE05CC3562875FDD6925C1E0C9AF34172C5CA385204FA2261D58AAA5E621433EEF
                Malicious:false
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:data
                Category:dropped
                Size (bytes):2278
                Entropy (8bit):3.854092991935212
                Encrypted:false
                SSDEEP:48:uiTrlKxsxxUxl9Il8uTmht0v/M0o4fzYV0bmL/ZqN/Ndd1rc:vIYFot0Y4fzS0m/ZMI
                MD5:F37590B8FA7B4BF77CCBC920BAE6C906
                SHA1:DF01FC8744293D042D98FC2408F9318EBD5B8524
                SHA-256:679C67EAA72769566FB87974BFA7481B181B2ED067E3453DB87BDDB47D1D9EE9
                SHA-512:8E84E08C15C992B8A4DBE1583540158072F4D4FF1902B40D9B92B5088FA2BD1A2C9B3F9E6BA8B36BC9A693F4C056C7558802C5FABCBF3A815D2EBB1D2412CAFE
                Malicious:false
                Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".C.J.1.m.u.g.S.o.z.s.S.9.x.S.Z./.Q.v.O.c.+.E.J.4.u.2.c.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.H.j.b.T.4.Q.j.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.b.T.r.Y.3.G.
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:data
                Category:dropped
                Size (bytes):2684
                Entropy (8bit):3.903358272003824
                Encrypted:false
                SSDEEP:48:uiTrlKxJxm7xl9Il8uTUnGMM1pcl7G+B7OLREsNqWbybd/vc:LYFUnGnpuG+cLRExWem
                MD5:1B17A2097D47B269212C49554B75D24D
                SHA1:8639FD6F3FC4EC31B9F37A572158E04AB123E0BD
                SHA-256:7D515BD2C904B1FF05677260439FFBF27AEB964DF9C77936082AE2583A58B609
                SHA-512:267FC81C49E0A1804D4764D986A7215474089D6854627507FEB91764E3EE95C05E8C76857663914FC6C9A08B7F8C9496D2CA47E3757A0CEB5D5D36E933DE1F6A
                Malicious:false
                Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.H.X.L.G.R.5.H.j.D.k.3.C.i.F.b.L.a.m.K.N.+.n.c.g.T.0.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".D.h.d.w.Z.0.1.C.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.b.T.r.Y.3.G.
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:data
                Category:dropped
                Size (bytes):4542
                Entropy (8bit):3.999336132120438
                Encrypted:false
                SSDEEP:96:RJYFMKi0zZhOdy4D8FFGfdhzD9TkzyuCEB:vTcDKyqkF4dhzD9T59EB
                MD5:A32AF07968B1DC2EC4D00F9B8AAD092C
                SHA1:B5309C31755D595403707087C34D8D9DF1DAB9FD
                SHA-256:E5186ED95318D1199AF60C78C12B0326A7A2B3CCE2E03D3A6DC4405C30256E82
                SHA-512:596BFFCC9641E6860076B8C115FAACE6318ABD0EFE4F0D14BC9B8B794D9663EC1D0CDE13B9F54875E3C5C4CBA38F36ED00CFF5DB9FA80A2AA47E1A2063E11768
                Malicious:false
                Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.q.Y.a.6.3.X.Y.9.b.4.Y.b.C.Z.g.f.0.u.y.E.6.v.n.x.e.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".T.c.n.X.N.X.w.j.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.b.T.r.Y.3.G.
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:data
                Category:dropped
                Size (bytes):20971520
                Entropy (8bit):0.00619493839929897
                Encrypted:false
                SSDEEP:192:LZRVKTScLsn9OYDm+sBcdS4E96V4NPa6jzKdB92:F6TVL0OY6+vdtEMVayS0Bg
                MD5:85497F121D03499F0201242C239065D6
                SHA1:654FFAB40352338C606A78995EDD1D7ABBD4853B
                SHA-256:C19A39265B3A16968B0D137C0451FE2BE254DC6837A93CC59F836E314CFF0830
                SHA-512:9608B794D6E2477D80969F749C0899F841668E5742FBFE5CA96C2A8B8E383AD8986ABD5BCAC197F27A7444F82FB47E9CB9A625048A7C816B437791B60DA766F4
                Malicious:false
                Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..10/21/2024 05:41:49.583.OUTLOOK (0x107C).0x1198.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.LoadXmlRules","Flags":33777014401990913,"InternalSequenceNumber":20,"Time":"2024-10-21T05:41:49.583Z","Contract":"Office.System.Activity","Activity.CV":"fSByrLV6IUaNxHsSV9uUtA.10.1","Activity.Duration":427,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":false,"Activity.Result.Code":-2147024890,"Activity.Result.Type":"HRESULT","Activity.Result.Tag":528307459}...10/21/2024 05:41:49.583.OUTLOOK (0x107C).0x1198.Microsoft Outlook.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.ProcessIdleQueueJob","Flags":33777014401990913,"InternalSequenceNumber":21,"Time":"2024-10-21T05:41:49.583Z","Contract":"Office.System.Activity","Activity.CV":"fSByrLV6IUaNxHsSV9uUtA.10","Activity.Duration":2547,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":false,"Data.
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:data
                Category:dropped
                Size (bytes):20971520
                Entropy (8bit):0.0
                Encrypted:false
                SSDEEP:3::
                MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                Malicious:false
                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                File Type:data
                Category:dropped
                Size (bytes):77824
                Entropy (8bit):4.8334048119490225
                Encrypted:false
                SSDEEP:768:JM5/mA4AMxj+sbwakMfwC9BQLN/oPvmWeWOPWX:UWAMxj+sbFkMfwC9B+u
                MD5:A1BBA0CA55265725F291A228A9DEDEC6
                SHA1:9F4DD7E39B7FF4260824070B030BAB5DC20DD29A
                SHA-256:5F484515B4279422A0A59B1467CCE085556B3ED73BF2F5DB2A8FE386D633196D
                SHA-512:D97457ABBAD75CF442C6BF90F43FA997B956577D581DA9C64339A4A37CF17274A27036BD81FAA4656DF7A8DABE8BDDC1D7C876E625FE7EE64AE9FC9380E62717
                Malicious:false
                Preview:............................................................................h.......|......{#..................eJ..............Zb..2...................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1.............................................................#DT..............{#..........v.2._.O.U.T.L.O.O.K.:.1.0.7.c.:.e.d.e.0.1.8.5.8.f.d.b.e.4.1.7.a.a.9.5.8.a.e.4.7.e.b.3.8.3.6.f.f...C.:.\.U.s.e.r.s.\.F.R.O.N.T.D.~.1.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.u.t.l.o.o.k. .L.o.g.g.i.n.g.\.O.U.T.L.O.O.K._.1.6._.0._.1.6.8.2.7._.2.0.1.3.0.-.2.0.2.4.1.0.2.1.T.0.1.4.1.4.7.0.7.7.1.-.4.2.2.0...e.t.l.......P.P.....|......{#..................................................................................................................................................................................................................................................................................................
                File type:vCalendar calendar file
                Entropy (8bit):4.882089329124767
                TrID:
                • iCalendar - vCalendar (13006/1) 100.00%
                File name:iCal-20241022.ics
                File size:4'545 bytes
                MD5:58c440bacf1c5015d6746e337261af0b
                SHA1:57d9e2f23113cc05cf9bfba3c49084bf0dad1bd0
                SHA256:e9e95355bd848e1c89f50de4e5b39564c4e3e5105fcdad83ac83bcf636b80e0e
                SHA512:feae766b8f90dc4e93fe88ea4b95f4f727b942cb27eaa6f08162abc90fddb3f53eae9afe0c77f65f1a812574aeac7a8bcb21f2c9a0f94b0b8ffac8f8f896d074
                SSDEEP:96:EYf6GnL8XxUaBFm1myWbJmB0UxvTEJrUE3IH:V6HxU8ysey1c
                TLSH:1391F05D90727E94FB1A992619ECBAE816E334FF99D6D5F142D242DE1CE0414F07CC22
                File Content Preview:BEGIN:VCALENDAR..PRODID:-//caldav.icloud.com//CALDAVJ 2427B558//EN..METHOD:REQUEST..VERSION:2.0..BEGIN:VEVENT..ATTENDEE;CN=".... .......... ";CUTYPE=INDIVIDUAL;PARTSTAT=ACCEPTED;EMAIL=tals500.. i@gmail.com;ROLE=CHAIR:mailto:2_HAYTMMZVGE3DSMZYGE3DGNJRG3K2E
                Icon Hash:69a88280a28280a2
                No network behavior found

                Target ID:0
                Start time:01:41:46
                Start date:21/10/2024
                Path:C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
                Wow64 process (32bit):true
                Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLOOK.EXE" /ical "C:\Users\user\Desktop\iCal-20241022.ics"
                Imagebase:0x130000
                File size:34'446'744 bytes
                MD5 hash:91A5292942864110ED734005B7E005C0
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:false

                No disassembly